Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Apple Deprecates Outdated TLS Protocols in iOS, macOS

Apple this week announced that it has deprecated the Transport Layer Security (TLS) 1.0 and 1.1 legacy encryption protocols from the latest iterations of its mobile and desktop platforms.

Critical for the security of web traffic, TLS ensures the confidentiality and integrity of data being transmitted between servers and clients.

Apple this week announced that it has deprecated the Transport Layer Security (TLS) 1.0 and 1.1 legacy encryption protocols from the latest iterations of its mobile and desktop platforms.

Critical for the security of web traffic, TLS ensures the confidentiality and integrity of data being transmitted between servers and clients.

Over two decades old, TLS 1.0 has been long deemed insecure, as was TLS 1.1, which was mainly designed to address limitations in its predecessor and to prevent specific attacks.

Some of the weaknesses in TLS 1.0 and 1.1 have been addressed with the release of TLS 1.2 more than 10 years ago, with additional hardening and protections added in TLS 1.3, which has been around for more than three years.

Back in 2018, major browser vendors, Apple included, announced plans to deprecate support for both TLS 1.0 and 1.1. The Internet Engineering Task Force (IETF) deprecated them as of March 25, 2021, and Apple is getting ready to fully remove support for these legacy encryption protocols from its products.

“These versions have been deprecated on Apple platforms as of iOS 15, iPadOS 15, macOS 12, watchOS 8, and tvOS 15, and support will be removed in future releases,” the company announced this week.

Advertisement. Scroll to continue reading.

Applications that have App Transport Security (ATS) enabled on all connections, the Cupertino-based tech giant tells developers, are already set. For those that continue to use TLS 1.0 or 1.1, developers should transition to TLS 1.2 or later.

“We recommend supporting TLS 1.3, as it’s faster and more secure. Make sure your web servers support the later versions,” Apple says.

Furthermore, the company tells developers to remove from their applications several deprecated Security.framework symbols for the TLS 1.0 and 1.1 protocols.

Related: NSA Issues Guidance on Replacing Obsolete TLS Versions

Related: ALPACA: New TLS Attack Allows User Data Extraction, Code Execution

Related: Microsoft Enables TLS 1.3 by Default in Windows 10 Insider Preview

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.