#Apple handshaker update
Yesterday's security update for Secure Transport "fixes renegotiation and header truncation issues", according to the triple-handshake team the iPhone maker duly credited the Paris-based researchers in its advisory this week. This vulnerability was assigned CVE-2014-1295 on 8 January, 2014, and is linked to the triple handshake design flaws in the SSL/TLS protocol that were publicly documented in early March by Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Alfredo Pironti and Pierre-Yves Strub (see Register passim).Īpple was privately warned of the vulnerabilities by the aforementioned researchers on 10 January, we're told. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. In Apple's words, the bug can be exploited thus: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. Not too terrifying." What is a triple-handshake vulnerability?
#Apple handshaker Patch
Do not reproduce without permission.Matthew Green, a professor of computer science who teaches cryptography at Johns Hopkins University in Maryland, US, commented: "The SSL patch in the new Apple update fixes a subtle issue with client authentication. The illustration for the wearable charger showed a round smartwatch which coincides with another patent Apple received in December last year. Only recently, Apple was granted a patent for a wearable external battery charger which would allow a wearable device such as the Apple Watch to last longer especially during long travels.
#Apple handshaker mac
Mac Rumors also noted that the information shared through the devices will be stored locally or in the cloud. The patent focuses on Apple Watches though it also indicated that other smart devices such as phones may also have the feature in the future.
Potential users of the new feature will be required to select a re-defined gesture which will prevent information from accidentally transferring to another. Aside from those mentioned above, other greeting gestures such as salutes, waves, hugs and bows may work. The new Apple patent will utilize some kind of "greeting event" instead of a "bumping" gesture to share data between devices. The Bump app used to allow the sharing of personal information such as contact numbers, photos, and videos by simply "bumping" devices. The transfer of data will be possible through an ad hoc wireless connection that is similar to Bump, a once popular iOS app that was canceled back in 2014.
This simply involves the sharing of data between wearable techs such as smartwatches and other mobile devices.Īccording to Apple Insider, the transferring of information will occur in a secure manner so there should be no worries that personal information and other important data will not be shared with people other than those intended to be shared with. Patent and Trademark Office today along with over 40 other Apple patents, is labeled as "Gesture-based information exchange between devices in proximity". This innovation will be possible through the Apple Watch. A new patent that was recently published indicates Apple's plans to have data sharing possible just by shaking hands, bumping fists, giving high fives or patting backs.
0 kommentar(er)
