February 24, 2014

Apple's Embarrassing Security Flaw

On February 21, 2014, Apple quietly released iOS 7.0.6 to the public. The update didn’t include new features or performance improvements; it was a security patch, and you should update now!

The update provided a fix for an SSL (Secure Sockets Layer) connection verification issue that left the operating system vulnerable to a “man-in-the-middle” attack, in which an attacker poses as a trusted source or website. SSL/TLS usually foils these attacks, or makes them so hard that they aren’t worth the attacker’s time. But Apple’s bug makes it easy. Really easy.

Basically, if you’re on a public network, a hacker on the same network can intercept communications on your device if it has this SSL connection verification issue. They can access emails, Facebook, and other sensitive information. They can read and change everything in real time, and you won’t know who it is. A complete stranger could accomplish this attack as long as they are in the same Starbucks as you.

What’s worse? OS X appears to have the same issue, and there is no fix yet.

Apple stated that an update for OS X will be out “very soon”. Until then, using the Firefox or Chrome web browsers is the best way to protect your information, since they are not affected on OS X. Native apps such as Twitter and iCal are also susceptible to this security flaw. When the update does come out for OS X, you should download it immediately.

How this issue occurred is unknown, as Apple is not saying anything. It is probably too embarrassed to tell, since the door has been open since 2012.

If you haven’t updated to iOS 7.0.6, or 6.1.6 for older devices, what are you waiting for?

Sources - Apple, Gizmodo