苹果修复Mac的POODLE漏洞

2014/10/21

Apple has released OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 SSL3.0 patch to address vulnerabilities, referred to as POODLE error. An attacker could use this error to decrypt SSL-protected data.

This week Google announced that they had identified cryptographic component when using a block cipher in CBC mode when damage SSL3.0 confidentiality known attacks. An attacker could TLS1.0 and later by blocking connection attempts, enforces SSL3.0, even if the server supports TLS version better. SSL3.0 have known vulnerabilities can allow hackers to read the user’s cookies and private communications.

Comodo recommends disabling SSL3.0 on a server or an old version of the browser. Newer browsers have disabled SSL3.0 default situation.

If you want to disable SSL3.0 in Internet Explorer, do the following:

1) Select Tools (Alt + X)

2) Select Internet Options

3) Select the Advanced tab

4) In the security group, uncheck “Use SSL3.0″

If you are unsure whether your browser SSL3.0, you can check in poodletest.com site.

Users and administrators should see the Apple security updates HT6531 for more details.

Tags:

Write a comment

Name
Comment