The SSL bug Apple fixed in iOS 7.0.6 remains unpatched on Mac; leaves your device vulnerable to hackers


Yesterday, Apple released an update for devices running iOS 6 and iOS 7 that fixed a critical security flaw that could let an attacker sniff and modify your data on secure HTTPS sessions.

The bug emerged out of a rather silly error where the portion of the code that verified the authenticity of the server was never reached. This meant that someone, who was on the same Wi-Fi network as you were, could intercept data being passed through secure channels to Gmail, Facebook etc., and potentially alter it. The consequences of this flaw are quite serious since banking sites, payment gateways depend upon SSL/TLS connections to prevent spoofing, and stealing of credentials.

While iOS devices have received a fix in the form of iOS 7.0.6/iOS 6.1.6, OS X Mavericks 10.9.1 remains vulnerable to this flaw. Chrome and Firefox do not use Apple’s inbuilt libraries to protect secure sessions, so they’re safe, but Safari, and a lot of Mac apps can be exploited. You can visit to see if your browser is vulnerable.

The bug was reportedly introduced in iOS 6, as devices running iOS 5 do not show up as vulnerable when visiting

We hope Apple has a security update for OS X ready to be released soon, as now, with the bug being public, the risk is more than ever.


You can now patch the security bug without upgrading to iOS 7.0.6 or iOS 6.1.6 thanks to a jailbreak tweak released on Cydia. Check this post for more details.