4 Replies Latest reply: Feb 23, 2014 8:21 PM by MadMacs0
whidbeyben3 Level 1 (0 points)

The news is blaring warnings about using iPhones, iPads, and Macs on shared networks because of a problem with SSL/TLS.  Apple's releases make it clear that iOS7 and Mac OSX 10.9 and specifically vulnerable to this.


3rd party sites suggest the vulnerability was introduced recently in iOS7 and Mac OSX 10.9, but do not specifically exempt iOS 6 versions, or Mac OSX 10.8 and earlier.


I went on the gotofail.com test page with my Mac on 10.8.5, and it said my client wasn't vulnerable, but a link on that website did suggest Safari on MacOSX 10.9 was vulnerable to a "BEAST" attack.  Firefox was not.


My iPhone's are still on iOS6 because they are 4S's and I didn't want to suffer slowdowns from excessive iOS7 overhead for new special effects.  However, there doesn't appear to be any mechanism for updating iOS6 if these are also subject to the same vulnerability.  One third party web site did suggest that a fix for iOS6 was in the works, but my phones only show the iOS 7.0.6 update in the general settings. There is no option for an iOS6 update without switching entirely to iOS7.


What is the actual word from Apple?  Are iOS6 users and MacOSX 10.8 and earlier users SAFE?

iPhone 4S, iOS 6.1.5, Mac OSX 10.8.5