Apple has landed itself in some bother on the security front, as it seems there was a major security flaw in its mobile operating system (which is now patched), and indeed the flaw could also affect Cupertino’s desktop OS.
The vulnerability is present in the way SSL and TLS authentication are handled, meaning that somebody else on the same unsecured wireless network as an iPhone or iPad user can use a man-in-the-middle attack to slip past encryption and capture – or indeed modify – the user’s data.
As SSL (Secure Sockets Layer) is the protocol widely used to keep sensitive data encrypted, such as online payments to websites, you can appreciate that this is a serious matter. Anything from Amazon transactions to Gmail correspondence could potentially be breached by a malicious party exploiting the iOS flaw.
Which is why Apple pushed out a swift security update with iOS 7.0.6 (and iOS 6.1.6). If you own an iGadget, you should get it patched immediately, otherwise you could be vulnerable to the exploit.
In a post about the security update, Apple said: “Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.”
The description of the issue read: “Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.”
Cupertino didn’t go into any further details, such as how long this problem has existed.
Matthew Green, cryptography professor at Johns Hopkins University, cautioned that the flaw was “as bad as you could imagine, that's all I can say.”
The Guardian notes that security researchers have said that this flaw also blights the Mac operating system, and no patch for OS X has yet been released. If this is the case, we can expect one in pretty short order. However, be warned, you could potentially be at risk if you’re out and about surfing at Internet cafes or other public Wi-Fi networks with your MacBook.
iOS 7.1 is expected to roll out next month, complete with a raft of further bug fixes.