February 24, 2014
Apple’s Mac OS Suffers Same Security Flaw As Its Mobile Version
Lee Rannals for redOrbit.com - Your Universe Online
Apple confirmed to Reuters over the weekend that its computer operating system contains the same security flaw its mobile operating system once had.
Apple released a new iOS 7.0.2 update last Friday after finding an SSL/TLS security flaw that allowed hackers to spy on customer activity. The company told Reuters over the weekend that its OS X software also has the same vulnerability, and it plans to release a fix for it as well “very soon.”
"We are aware of this issue and already have a software fix that will be released very soon,” Apple spokeswoman Trudy Muller told Reuters' Joseph Menn.
After Apple released the iOS security fix on Friday afternoon, experts looked into it and found that the flaw also appeared in the company’s computer operating system, which is installed on iMacs, MacBooks, MacBook Airs and its other desktop computers.
The flaw lies in the way the software recognizes the certificates used by secure services like banking sites to establish encrypted connections. A single line in the program and an omitted bracket mean that those certificates were not authenticated, so hackers are able to impersonate the website and capture all electronic traffic before passing it along to the real site.
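The kind of defect described above, shown as an added C illustration that is not Apple's code and not part of the original article: a constructed verification routine in which one stray line after an unbraced `if` skips the signature check, next to the braced form that performs it. All function names and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for two handshake steps; 0 means success. */
static int hash_params(const char *params) { return params ? 0 : -1; }
static int check_signature(const char *sig) {
    return strcmp(sig, "valid-signature") == 0 ? 0 : -1;
}

/* Flawed: the if has no braces, so only the first goto belongs to it. */
int verify_flawed(const char *params, const char *sig) {
    int err;
    if ((err = hash_params(params)) != 0)
        goto done;
        goto done;  /* stray line: runs unconditionally, with err == 0 */
    if ((err = check_signature(sig)) != 0)  /* unreachable */
        goto done;
done:
    return err;     /* 0 is reported although the signature was never checked */
}

/* Hardened: braces bind each goto to its condition, so every step runs. */
int verify_fixed(const char *params, const char *sig) {
    int err;
    if ((err = hash_params(params)) != 0) {
        goto done;
    }
    if ((err = check_signature(sig)) != 0) {
        goto done;
    }
done:
    return err;
}

int main(void) {
    const char *forged = "forged-signature";  /* constructed sample input */
    printf("flawed accepts forged signature: %s\n",
           verify_flawed("server-params", forged) == 0 ? "yes" : "no");
    printf("fixed accepts forged signature:  %s\n",
           verify_fixed("server-params", forged) == 0 ? "yes" : "no");
    return 0;
}
```

Compiler diagnostics such as GCC's `-Wmisleading-indentation` and Clang's `-Wunreachable-code` flag the flawed function at build time.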
Essentially, hackers could use this flaw to spy on a neighbor’s bank account and get login information. Security experts have also found that the flaw may affect more than just Safari, Apple’s Web browser.
Ashkan Soltani has pointed out on his Twitter feed that Apple’s vulnerability also affects FaceTime, iMessage, Twitter, Calendar, Keynote, Mail, iBooks, Software Update and more. However, the security researcher pointed out that apps like FaceTime and iMessage have added security measures that would counteract the security flaw.
Industry experts are telling users to avoid unsecured WiFi networks in public places where hackers may take advantage of the security flaw. Researchers say the bug has been present for months, but no one had reported it publicly before, so hackers may not even have known about it.
Friday’s iOS update was quietly made available, in the midst of the company reportedly creating its iOS 7.1 update. For months Apple has been sending beta versions of its iOS 7.1 software update, but not even these beta versions brought to light any SSL security flaws.