Skip to main content

Apple finally patches serious OS X security breach

Apple has plugged a gap in OS X that reportedly opened up its users to security breaches and malicious attacks whilst browsing pages online.

Related: Major security flaw hits iOS, iPhone and iPad users should update to iOS 7.0.6 immediately

It had already released a software update to protect iPhone, iPad and iPhone owners from “an attacker” that could “capture or modify data” and has now had to do the same for laptops or desktops computers running OS X.

At the core of the problem was a vulnerability in the way SSL and TSL authentication is handled and it enabled an attack to be launched against an Apple device running Safari using the same unsecured wireless network as the attacker.

A secure socket layer [SSL] keeps all sensitive data encrypted meaning that everything from online banking transactions to purchases made on Amazon and emails sent by Gmail could have been affected by the flaw.

The fix for mobile devices came last week and at the time Apple stated that it was aware of the problem with OS X and it had a “software fix that will be released very soon.”

The BBC reports that researchers knew about the problem for several months and no one had reported it publicly, which reflects particularly badly upon the company, according to security analyst Graham Cluley.

"It's pretty bad what Apple have done, they've seriously dropped the ball. How much the problem has been exploited is hard to say. Hackers may now be trying to take advantage while users wait for the security fix."

Owners of any Apple device are urged to download the new update before using a public Wi-Fi network in order to prevent hackers gaining access to data being used on any website.

The problem will be further solidified when iOS 7.1 is rolled out next month with no large-scale update for OS X planned at the same time.