What’s worse than hackers and viruses?
Your device being vulnerable to their attacks, with nothing you can do about it.
Last Friday, February 21, 2014, Apple rushed the release of iOS 7.0.6 with a patch for a shockingly overlooked SSL (Secure Sockets Layer) encryption issue. The issue leaves iPhone, iPad and Mac computer users open to a man-in-the-middle (MITM) attack. Apple’s software for mobiles, tablets and desktops is not doing its share of SSL/TLS hostname checking; this means that communications with these devices that are meant to be encrypted are not. It can also affect all available Apple devices and allow hackers to intercept and alter communications such as email and login credentials. Hating this news bit so far? So are we.
Unfortunately, Apple has not released a statement about the matter. This has angered Apple users all over the world, because nobody knows for sure which iPhone, iPad, iPod touch, or Mac computer is affected by the major, and somewhat shocking, flaw.
Users have taken to Twitter to voice their disappointment.
“I’m not going to talk details about the Apple bug except to say the following. It is seriously exploitable and not yet under control.”
– Matthew Green, @matthew_d_green
“Today’s show was brought to you by Apple, SecureTransport, and the letters SSL. Oh wait, the letters SSL didn’t actually do anything.”
– Dino A. Dai Zovi, @dinodaizovi
“So goto fail was added before October 2013. It is in 10.9 but not 10.8.5; and it is in iOS 6.1 and iOS7…Ouch. Long time to not support SSL”
– the grugq, @thegrugq
It gets worse. The flaw will allow anyone with a certificate signed by a “trusted CA” to carry out a man-in-the-middle (MITM) attack. That is a red flag right there.
A man-in-the-middle attack intercepts communication, especially unencrypted passwords, between you and the recipient of the message or the website. The attacker is able to read, insert and modify the data you send in the communication process. Of course, if the hacker has access to your personal data, he or she could also impersonate a trusted website to install malware or steal valuable data from you.
Now, users are just waiting for Apple to do something about this major flaw.