Apple squishes crypto bug

Apple has fixed an encryption bug inadvertently introduced with iOS 10.

iTunes backups encrypted iOS user data, including Wi-Fi settings, browser history, health data and passwords. With iOS 10, Apple has made a number of changes to encrypted or password-protected iTunes backups.

Early iOS 10 backups included a password hash used to verify whether the user had entered the correct password to decrypt the backup. This had the undesirable side effect of making it easier for hackers to crack the passwords of encrypted backups through brute-force attacks, as previously reported.

Apple has resolved the security flaw by removing the new password hash from encrypted iOS 10.1 backups. The computer maker has reverted from the unsafe method back to the encryption method used in iOS 9, as explained in a blog post by iOS app developers Reincubate.
