Apple Security Flaw Is “As Bad As You Could Imagine”By: Ashley Olds - February 23, 2014
Apple is performing an emergency software fix this week to correct a security flaw putting both iPhone and Mac users at risk.
After it was brought to their attention that hackers could enter systems by email, Apple, Inc. issued an official announcement acknowledging the oversight and their team promptly began to work on updated software to protect users. On Saturday, the company indicated that damage control would be forthcoming to halt hackers before they could lift private data from iPhones or Macs. Per the Orlando Sentinel on Sunday, Feb. 23, iPhone users probably already received their notification regarding that security update. Mac users, contrarily, remain at risk until updates can be issued for them too.
Apple says those fixes are coming “very soon”.
Why did this breach happen? There doesn’t seem to be one concrete explanation. However, researchers have said Apple itself was culpable in that it performed “inadequate testing.” It was likewise described as a “fundamental bug in Apple’s SSL implementation,” by Dmitri Alperovich, chief technology officer at security firm CrowdStrike Inc.
In addition to iPhones and iPads, the report stated that any kind of desktop device or notebooks that run Mac OS X are also at risk, as the security error is present in them as well. Although iPhones are in the clear, the proverbial bad guys are likely working around the clock to concoct programs that pry into private data of Mac users before their resolution can arrive.
One way in which tech-villains can do this is by gaining entry to a given mobile user’s network.
This could be done in a coffee house or restaurant, where an unsecured wireless service is offered. In this situation, a hacker can observe and alter the interactions of someone using a protected website – be it their email or social networking site. Johns Hopkins University cryptography professor, Matthew Green explained that in the absence of a fix, hackers impersonate these sorts of protected sites. Then they can pilfer private data as they watch financial or other data go between the user and the actual site.
“It’s as bad as you could imagine, that’s all I can say,” Green stated.
Apple did not acquiesce to comment requests beyond a statement offered this week:
“We are aware of this issue and already have a software fix that will be released very soon.”
Image via Youtube