UnluckyKate
Member
OSX isn't updated yet ?
Not exactly. You could rename "goto fail" to "goto exit" to remove the confusion; the problem occurs when that block is called with an error code of zero (which is what the second goto does). In other words, when fail is called when there is no failure, it succeeds, bypassing further checks.
Apple's real fail here is not asserting that err is non-zero in the fail block, which would ensure fail is only called on error (and otherwise warn or crash), and would have caught the problem at virtually no cost.
Any word on how iOS 7 runs on 2nd gen iPads? I never upgraded from iOS 5 after all the problems iOS 6 was giving users.
Yes. Depending on how far down the rabbit hole you want to go:
1. NSA have not exploited the flaw.
2. NSA found the flaw and exploited it.
3. NSA had a mole at Apple that purposely put in the flaw.
4. Apple consciously put in the flaw for the NSA.
Seems like a bad design if they need to cache the error codes in a member variable if you ask me.
Pretty mediocre. iPad is somewhat sluggish since iOS7, I'm not a fan.
Can someone explain the problem to someone who doesn't program?
Brackets.
This is insane. It took them a year to find this?
How the hell is this even possible?
This is going to be fun. And by fun I mean not fun.
OSX isn't updated yet ?
Can someone explain the problem to someone who doesn't program?
So if I have an iPhone 4, I'm forced to update my phone to a newer version that will kill my performance or live with no security
Fuck
Hrm.. decisions, decisions..
I've been putting off upgrading for performance issues, and with more apps requiring 6/7 and now this, I might just go ahead and upgrade and deal with the sluggishness.
Thanks!
My iPhone hangs on Checking for Update. Goddamn it Apple, it is because I'm jailbroken, isn't it?
Which iOS are you on? iOS 6 should be updated to 6.1.6. If you're <5, you're okay.
Can someone explain the problem to someone who doesn't program?
Good thing I'm using Firefox. Says it's safe. Safari on the other hand failed the test.
It enters fail: before hitting the conditional, which will always return true.
Which iOS are you on? iOS 6 should be updated to 6.1.6. If you're <5, you're okay.
edit: For those of you just joining us, please use https://gotofail.com/ to see if your system is compromised. Chrome is not affected because it uses its own verification system.
Only if you have a 3GS/iPod Touch 4G. Other devices, like the iPhone 4, can only update to iOS 7, as Apple won't sign anything prior to that.
I'm in the same boat.
So if I have an iPhone 4, I'm forced to update my phone to a newer version that will kill my performance or live with no security
Fuck
So if I have an iPhone 4, I'm forced to update my phone to a newer version that will kill my performance or live with no security
Fuck
See where it says goto fail twice? Because of the way the condition is formatted, the second 'goto fail' will always execute regardless of condition. It's like if they wrote this:
Can someone explain the problem to someone who doesn't program?
I hope whoever overlooked this bug during auditing got fired.
See where it says goto fail twice? Because of the way the condition is formatted, the second 'goto fail' will always execute regardless of condition. It's like if they wrote this:
if (condition) { goto fail; }
goto fail;
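The duplicated goto described in the post above, together with the earlier suggestion to check err in the fail block, as an added C example (not Apple's code and not written by anyone in this thread). The step functions, ERR_INTERNAL and the function names are constructed for illustration, and the guard returns an error where the earlier post suggests an assert.

```c
#include <stdio.h>

#define ERR_INTERNAL (-99)   /* constructed error code for "fail reached with err == 0" */

/* Constructed stand-ins for the verification steps; 0 means success. */
static int step_ok(void) { return 0; }
static int check_signature(int sig_valid) { return sig_valid ? 0 : -1; }

/* Buggy shape: the second goto is not governed by the if, so it always
 * runs with err == 0 and the signature check below is never reached. */
int verify_buggy(int sig_valid)
{
    int err;
    if ((err = step_ok()) != 0)
        goto fail;
    goto fail;               /* stray duplicate, shown at its real nesting level */
    if ((err = check_signature(sig_valid)) != 0)
        goto fail;
fail:
    return err;              /* 0 here is read by the caller as "verified" */
}

/* Same stray goto left in on purpose, but success has its own return and
 * the fail block refuses to report success. The bug now breaks every
 * connection, valid or not, so the first test run exposes it. */
int verify_guarded(int sig_valid)
{
    int err;
    if ((err = step_ok()) != 0)
        goto fail;
    goto fail;               /* stray duplicate, kept to show the guard */
    if ((err = check_signature(sig_valid)) != 0)
        goto fail;
    return 0;                /* the only path that reports success */
fail:
    return err != 0 ? err : ERR_INTERNAL;
}

int main(void)
{
    printf("buggy,   bad signature: %d\n", verify_buggy(0));
    printf("guarded, bad signature: %d\n", verify_guarded(0));
    printf("guarded, good signature: %d\n", verify_guarded(1));
    return 0;
}
```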
Wow thank goodness I don't use public wifi.
So if you haven't connected to public wifi you're good?
So does this affect people on a home WiFi network that is locked?
I thought this had something to do with the timing of a GBA4 iOS which can be used on non jail broken phones?
Doesn't matter if you're on public or private wifi, you were still exposed to MITM attacks. Update.
My iOS devices are updated, but my MBP isn't so much an issue as it hasn't been out of my house for a few years at least, correct?
Doesn't matter if you're on public or private wifi, you were still exposed to MITM attacks. Update.
Well at least the picture is wrong (or at least, not completely accurate in depicting the problem).
For those of you who don't speak code:
Problem #1: The encrypted connection always fails (pictured).
Problems 2 through 5000000000000000000: When an encrypted connection fails, the system automatically falls back to an unencrypted transmission.
Yikes, my workplace hasn't even updated us to iOS 7, that's good, right?
Yes, this seriously pisses me off. Might ditch Apple for my next phone because of this.
Other devices, like the iPhone 4, can only update to iOS 7, as Apple won't sign anything prior to that.
Unbelievable I say.
This is such an unbelievable oversight... I mean... Wow.
This is such an unbelievable oversight... I mean... Wow.
If I'm a hacker and had a convenient backdoor like this, I wouldn't tell anyone.
I can see how the programming error itself was not caught.
HOWEVER, I'm quite surprised that both internal Apple testing did not find it, and it was overlooked by hackers, or if it was discovered, remained a secret.