Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Apple Deprecates Outdated TLS Protocols in iOS, macOS

Apple this week announced that it has deprecated the Transport Layer Security (TLS) 1.0 and 1.1 legacy encryption protocols from the latest iterations of its mobile and desktop platforms.

Critical for the security of web traffic, TLS ensures the confidentiality and integrity of data being transmitted between servers and clients.

Apple this week announced that it has deprecated the Transport Layer Security (TLS) 1.0 and 1.1 legacy encryption protocols from the latest iterations of its mobile and desktop platforms.

Critical for the security of web traffic, TLS ensures the confidentiality and integrity of data being transmitted between servers and clients.

Over two decades old, TLS 1.0 has been long deemed insecure, as was TLS 1.1, which was mainly designed to address limitations in its predecessor and to prevent specific attacks.

Some of the weaknesses in TLS 1.0 and 1.1 have been addressed with the release of TLS 1.2 more than 10 years ago, with additional hardening and protections added in TLS 1.3, which has been around for more than three years.

Back in 2018, major browser vendors, Apple included, announced plans to deprecate support for both TLS 1.0 and 1.1. The Internet Engineering Task Force (IETF) deprecated them as of March 25, 2021, and Apple is getting ready to fully remove support for these legacy encryption protocols from its products.

“These versions have been deprecated on Apple platforms as of iOS 15, iPadOS 15, macOS 12, watchOS 8, and tvOS 15, and support will be removed in future releases,” the company announced this week.

Applications that have App Transport Security (ATS) enabled on all connections, the Cupertino-based tech giant tells developers, are already set. For those that continue to use TLS 1.0 or 1.1, developers should transition to TLS 1.2 or later.

“We recommend supporting TLS 1.3, as it’s faster and more secure. Make sure your web servers support the later versions,” Apple says.

Advertisement. Scroll to continue reading.

Furthermore, the company tells developers to remove from their applications several deprecated Security.framework symbols for the TLS 1.0 and 1.1 protocols.

Related: NSA Issues Guidance on Replacing Obsolete TLS Versions

Related: ALPACA: New TLS Attack Allows User Data Extraction, Code Execution

Related: Microsoft Enables TLS 1.3 by Default in Windows 10 Insider Preview

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...