Apple iOS and OS X Critical Vulnerability

Apple recently released updates containing critical security patches that address flaws in its SSL encryption. The flaws could allow attackers to intercept email and other communications that are meant to be encrypted on iPhones, iPads and Mac computers.

Apple released a “security advisory” in which it provides only vague statements regarding these security issues: “For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.”

Apple did not say when or how it learned of the vulnerability, but the bug appears to exist in some versions of iOS 6, iOS 7, Mac OS X, and Apple TV. iOS 6.1.6 and 7.0.6 were recently released to fix the issue. The bug also appears to have been introduced in OS X 10.9. OS X 10.9.1 is still affected.

This flaw affects the basic security that Apple uses to implement SSL connections. The main risk arises when an affected device is used in untrusted environments where someone could be eavesdropping, such as free, unsecured Wi-Fi in coffee shops, airports and hotels. According to the post by Brian Krebs, for now it may be wise to avoid using Safari on OS X systems. As Dan Goodin at Ars Technica writes, “because the Google Chrome and Mozilla Firefox browsers appear to be unaffected by the flaw, people should also consider using those browsers when possible, although they shouldn’t be considered a panacea.”

Sources:

http://www.digitalmunition.net/?p=823

https://www.imperialviolet.org/2014/02/22/applebug.html