Industry News

Apple Drops SSL 3.0 for Push Notifications due to Poodle Flaw

Apple is going to drop SSL 3.0 support for their push notification service due to the recently discovered POODLE vulnerability in the SSL protocol, according to Apple’s announcement.

The company is pulling the plug for SSL 3.0 support on Wednesday, October 29, in favor of the newer and more secure Transport Layer Security (TLS) protocol.

“Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected,” the announcement said.

Apple Employees Hacked via Java Plugin Exploit

“To check for compatibility, we have already disabled SSL 3.0 on the Provider Communication interface in the development environment only.”

Applications that already use both SSL and TLS will not be affected by this changes, only those who already use SSL 3.0 will need updates.

Apple’s decision comes just one week after the POODLE vulnerability was disclosed by Google, that if exploited could intercept cookies and allow a session hijack attack or take various credentials such as banking details, network credentials and others.

About the author

Lucian Ciolacu

Still the youngest Bitdefender News writer, Lucian is constantly after flash news in the security industry, especially when something is vulnerable or exploited. Besides digging for 'hacker' scoops and data leaks, he enjoys sports, such as football and tennis.
He has also combined an interest for social and political sciences, as a graduate of the Political Science Faculty, with a passion for guitar and computer games.