Apple security flaw fixed for iPhones and iPads, but laptops remain vulnerable
Published Monday, February 24, 2014 10:31PM EST
Apple’s latest update to the operating systems used on iPhones and iPads has fixed a serious security flaw, but experts are warning that laptops and desktop computers remain vulnerable to hackers.
On Friday, Apple released an update to its operating system, iOS, and said that the previous version had a vulnerability that could allow computer hackers to monitor communications that would normally be encrypted.
Ashkan Soltani, an independent privacy and security researcher, told CTV News Channel on Monday that communications over email and with banks have been compromised due to the bug.
“When you go to your bank’s website or when you go to a secure website, your password and bank information is often encoded in a way that eavesdroppers could not monitor them,” Soltani said. “But this flaw allows for an attacker to look into those encrypted communications.”
The bug is related to the way the operating system interacts with what’s called SSL (Secure Sockets Layer), the technology that encrypts sensitive data between computers and servers. Before the update, the operating system was not properly verifying a website’s security certificates, allowing a hacker to pose as your email provider or your bank and get their hands on sensitive information.
“An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,” Apple told users about the bug.
Soltani says this kind of computer hack, known as a “man-in-the-middle attack,” is not that sophisticated.
“So when I think I am having a conversation with my bank, or my mail provider, someone is actually sitting between that traffic and my communications and they can do that without me knowing,” Soltani said.
Apple has provided a fix for iPhones and iPads by releasing iOS 7.0.6. But Soltani says the current operating system for Apple desktops and laptops -- OS X 10.9.1 -- has the same security flaw, leaving computer users vulnerable to attacks.
“We’ve not seen a statement from Apple or a release of an update,” he said. “I’m guessing they are scrambling to roll it out as quickly as they can.”
He says that Chrome and Firefox Internet browsers don’t suffer from the bug, but Apple’s Safari browser and email systems are both vulnerable.
Soltani suggests that until the fix is made, computer users should disable their “background” services like their email when browsing sites such as Facebook and Twitter.