Yesterday Apple Fixed A Bug In iOS 7. It’s A Doozy
Yesterday Apple announced a fix to a security bug in its iOS 7 system. Today Web security experts have parsed the patch to figure out what exactly the problem was… And apparently it’s a doozy.
Wired has all of the gory details:
“[The] terse description in Apple’s announcement yesterday had some of the internet’s top crypto experts wondering aloud about the exact nature of the bug. Then, as they began learning the details privately, they retreated into what might be described as stunned silence. “Ok, I know what the Apple bug is,” tweeted Matthew Green, a cryptography professor at Johns Hopkins. “And it is bad. Really bad.”
The culprit of what may be one of Apple’s biggest security snafus is an extra “goto” in one part of the authentication code, Wired reported. That spurious line of code bypasses the rest of the authentication protocols.
The bug could could allow hackers…
View original post 88 more words