Karma patched by Apple for iOS?

[mw3demo]

http://www.macrumors.com/2014/02/22/os-x-ssl-vulnerability/

Just read this article. Is it basically saying the Apple has patched this? I'm going to test tommorow. Looks like OSX will eventually get patched too.

[Mr-Protocol]

That isn't talking about Karma. It's talking about SSL.

"Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS."

Meaning, if you are MITM, you can modify the traffic even with SSL/TLS.

"Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps."

In other words, iOS was vulnerable to a man-in-the-middle attack where an attacker could pose as a trusted website to intercept communications, acquiring sensitive information such as login credentials and passwords, or injecting harmful malware.

To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake.

This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).

[mw3demo]

You are 100% right, it was 5am. Title should have been "SSLStrip Patched by Apple for iOS?"