Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Apple Deprecates Outdated TLS Protocols in iOS, macOS

Apple this week announced that it has deprecated the Transport Layer Security (TLS) 1.0 and 1.1 legacy encryption protocols from the latest iterations of its mobile and desktop platforms.

Critical for the security of web traffic, TLS ensures the confidentiality and integrity of data being transmitted between servers and clients.

Apple this week announced that it has deprecated the Transport Layer Security (TLS) 1.0 and 1.1 legacy encryption protocols from the latest iterations of its mobile and desktop platforms.

Critical for the security of web traffic, TLS ensures the confidentiality and integrity of data being transmitted between servers and clients.

Over two decades old, TLS 1.0 has been long deemed insecure, as was TLS 1.1, which was mainly designed to address limitations in its predecessor and to prevent specific attacks.

Some of the weaknesses in TLS 1.0 and 1.1 have been addressed with the release of TLS 1.2 more than 10 years ago, with additional hardening and protections added in TLS 1.3, which has been around for more than three years.

Back in 2018, major browser vendors, Apple included, announced plans to deprecate support for both TLS 1.0 and 1.1. The Internet Engineering Task Force (IETF) deprecated them as of March 25, 2021, and Apple is getting ready to fully remove support for these legacy encryption protocols from its products.

“These versions have been deprecated on Apple platforms as of iOS 15, iPadOS 15, macOS 12, watchOS 8, and tvOS 15, and support will be removed in future releases,” the company announced this week.

Applications that have App Transport Security (ATS) enabled on all connections, the Cupertino-based tech giant tells developers, are already set. For those that continue to use TLS 1.0 or 1.1, developers should transition to TLS 1.2 or later.

“We recommend supporting TLS 1.3, as it’s faster and more secure. Make sure your web servers support the later versions,” Apple says.

Advertisement. Scroll to continue reading.

Furthermore, the company tells developers to remove from their applications several deprecated Security.framework symbols for the TLS 1.0 and 1.1 protocols.

Related: NSA Issues Guidance on Replacing Obsolete TLS Versions

Related: ALPACA: New TLS Attack Allows User Data Extraction, Code Execution

Related: Microsoft Enables TLS 1.3 by Default in Windows 10 Insider Preview

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.