Apple security flaw alert


Those of you who use any Apple products should take steps to fix a major security flaw that has been exposed. This flaw implicates a breakdown in its SSL protocols and so enables a third party to intercept communications between you and any site that you visit. Apple has issued patches to fix this for its iPad and iPhones and you should immediately install them by going to Settings->General->Software Updates.

Those with Mac computers using OSX are also vulnerable and although Apple says that a patch to fix that will be issued soon, it has not done so yet. Hence you should not use the browser Safari to interact with sites that use your sensitive information, with which you have any financial dealings, and that require passwords (such as banks and other companies) until this fix arrives. You can still use Firefox and Chrome.

Brian Barrett explains what this security breach is all about.

Comments

  1. jamessweet says

    The exploit is pretty simple, too, and doesn’t require any added infrastructure (i.e. you don’t need to have a big botnet crunching away at numbers or anything). The one comforting piece of it is that you need to have what Apple is calling a “privileged network position” — you have to be on the same network. So if you are on your WPA-protected router in your own home, there is no real risk.

    That said, this basically makes HTTPS completely broken on any public WiFi network. Oops.

Leave a Reply

Your email address will not be published. Required fields are marked *