Read, a day or two ago, about Apple forgetting to update the software update machine's SSL certificate. Made me think of a problem with the heartbleed problem. If the certificate wasn't updated (and it obviously wasn't, from looking at the dates), then heartbleed could still be a problem.
Even if the heartbleed bug was fixed, if the server cert hadn't been updated, then it would still be possible to do a "man in the middle" attack, if the server was compromised before the heartbleed bug was patched. Maybe not a big deal, as there probably isn't all that much data flowing across the software update server. But still something to think about. I hope they've done a better job with itunes, app store, mac app store, and apple store server certs.
No comments:
Post a Comment