Not at all: that's the bug. It's not properly verifying that the other-end of a ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

gojomo on Feb 22, 2014 | parent | context | favorite | on: About the security content of iOS 7.0.6

Not at all: that's the bug. It's not properly verifying that the other-end of a TLS session is the entity able to sign with the certificate-declared private-key.

ef4 on Feb 22, 2014 [–]

Most likely hrrsn was referring to code-signing keys. Even if you can successfully MITM a software update connection, iOS won't run your trojan unless it's got a valid signature.

Of course the jailbreaking community knows well that there have been many ways around that...

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact