{"id":2803,"date":"2014-02-23T00:00:00","date_gmt":"2014-02-23T00:00:00","guid":{"rendered":"http:\/\/otava.test\/security-alert-flaw-in-ios-could-impact-hipaa-and-other-privacy-security-compliance-obligations\/"},"modified":"2014-02-23T00:00:00","modified_gmt":"2014-02-23T00:00:00","slug":"security-alert-flaw-in-ios-could-impact-hipaa-and-other-privacy-security-compliance-obligations","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/security-alert-flaw-in-ios-could-impact-hipaa-and-other-privacy-security-compliance-obligations\/","title":{"rendered":"Security alert: Flaw in iOS could impact HIPAA and other privacy security compliance obligations"},"content":{"rendered":"

A hat tip to Tatiana Melnik <\/a>\u2013 an attorney concentrating her practice on IT, data privacy and security, and regulatory compliance \u2013 for passing on this security alert, which could impact\u00a0HIPAA <\/a>and other privacy security compliance obligations for those using iPhones, iPads and Mac computers, and any company with a Bring Your Own Device (BYOD) policy in the workplace:<\/p>\n

ArsTechnica has reported<\/a> today an extremely critical cryptography flaw discovered in iOS versions 6.1.5, 7.0.4, and 7.0.5, and OS X 10.9.0 and 10.9.1 that has exposed sensitive communications.<\/p>\n

A critical iOS vulnerability that Apple patched on Friday gives attackers an easy way to surreptitiously circumvent the most widely used technology for preventing eavesdropping on the Interne<\/strong>t. That made the security bug about as dire as one can be. Now, there’s strong evidence that the same flaw also exposes sensitive e-mail and Web communications<\/strong> on fully patched versions of OS X, with no indication that there is a patch currently available for the millions of people who use the Mac operating system.<\/p>\n

The flaw, \u201caccording to researchers, causes most iOS and Mac applications to skip a crucial verification check that’s supposed to happen when many transport layer security (TLS) and secure sockets layer (SSL) connections are being negotiated. \u2026 independent security researcher Ashkan Soltani \u2026 and other researchers say virtually all applications that rely on the SecureTransport TLS layer are susceptible to the attack, regardless of whether they use a technique known as certificate pinning designed to block counterfeit encryption certificates.\u201d<\/p><\/blockquote>\n

ArsTechnica suggests these next steps:<\/p>\n