<- Back

Apple "GoToFail" Bug

February 27, 2014

Apple has released updates for both iOS and OSX which fix the "GoToFail" security hole which potentially allowed for man in the middle attacks.  While Apple devices would display the lock icon for a secure connection, the actual SSL verification was not taking place.  There are no reports of anyone exploting the security hole but there are questions about how it got through testing and quality control on both iOS and OSX.  The timing of the patching is also problematic as the iOS patch, which announced the security problem, came out several days before the OSX patch for Macs.