Read, a day or two ago, about Apple forgetting to update the software update machine's SSL certificate. Made me think of a problem with the heartbleed problem. If the certificate wasn't updated (and it obviously wasn't, from looking at the dates), then heartbleed could still be a problem.
Even if the heartbleed bug was fixed, if the server cert hadn't been updated, then it would still be possible to do a "man in the middle" attack, if the server was compromised before the heartbleed bug was patched. Maybe not a big deal, as there probably isn't all that much data flowing across the software update server. But still something to think about. I hope they've done a better job with itunes, app store, mac app store, and apple store server certs.
Showing posts with label vulnerability. Show all posts
Showing posts with label vulnerability. Show all posts
20140528
Subscribe to:
Posts (Atom)