Avatar of mike2401
mike2401Flag for United States of America asked on

Apple SSL bug: WiFi risk only?

After reading the description of this dramatic SSL bug affecting iphones, ipads & macs, I remain confused:

Is this only relevant if you are on a shared wifi network?

If you are on cellular 3G,LTE or on your private wifi at home, how is this relevant?

I have several ipad users (IOS6) who have refused to upgrade to IOS7.

Is this SSL issue a compelling reason to do so? (A patch is not available on IOS6 for iPad2 / iphone 4).

Thanks,
Mike
iPhoneApple OSEncryption

Avatar of undefined
Last Comment
mike2401

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
strung

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Dave Howe

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
mike2401

This is the answer I got elsewhere which makes the most sense:

I got my answer.  Bottom line: Tim is right, it's not about the wifi.

"It matters anywhere. This isn't someone being able to "snoop" on your communications and hence be an issue on public WiFi but not via cell. It's a flaw that could allow a hacker to trick your system into visiting and accepting as valid an imposter site that looks like a secure (i.e. HTTPS) web site should the attacker be able in some way to misdirect your connection, such as through a fake email or other fake web site.
 
If you want a more complete explanation without getting too far into the code, see:
 
http://nakedsecurity.sophos.com/2014/02/24/anatomy-of-a-goto-fail-apples-ssl-bug -explained-plus-an-unofficial-patch/"
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
mike2401

If the victim user gets a faked email from citibank (with genuine graphics copied from their site, a fake from), and clicks the link.

It takes the victim to ci1ibank.com (1 not t).

Could the SSL bug be relevant then?

Mike
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
mike2401

Thanks!  I got all my IOS 4.x ipad2 users to upgrade to IOS 7.  (no small task!   exec's don't like change!)
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
Dave Howe

pity you couldn't get budget to buy them newer already-ios-7 iThingies - they would have jumped at that instead of bitching about upgrading software :)
ASKER
mike2401

money aside, I really don't want to fuss with them (when everything is working fine) :-)
Dave Howe

meh. from experience, toys in the hands of execs are never *less* work, no matter what release they are :)
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
mike2401

I nearly lost everything on one exec's ipad (upgrading from ios 4 to ios7).  The trick was after the upgrade, I had to pick 'setup as new ipad' (which I didn't want to do because I thought it would erase everything).  Turns out ios4 was pre icloud, so it totally confused the upgrade.

I guess no apple engineer thought anyone would ever upgrade from something that old?