Apple Drops SSL 3.0 for Push Notifications due to Poodle Flaw

Apple is going to drop SSL 3.0 support for their push notification service due to the recently discovered POODLE vulnerability in the SSL protocol, according to Apple’s announcement.

The company is pulling the plug for SSL 3.0 support on Wednesday, October 29, in favor of the newer and more secure Transport Layer Security (TLS) protocol.

“Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected,” the announcement said.

“To check for compatibility, we have already disabled SSL 3.0 on the Provider Communication interface in the development environment only.”

Applications that already use both SSL and TLS will not be affected by this changes, only those who already use SSL 3.0 will need updates.

Apple`s decision comes just one week after the POODLE vulnerability was disclosed by Google, that if exploited could intercept cookies and allow a session hijack attack or take various credentials such as banking details, network credentials and others.