Apple Hears SOS from iOS — Fixes Major Security Flaw in Mobile Operating System. Still Working on Patch for OS X

Posted on February 28th, 2014 by Dan Rampe


Apple users, remember the good old days? When you never heard the words “security” and “fix” in the same sentence? If you really needed another reminder they’re over, here’s the latest.

Brian Krebs of KrebsonSecurity.com reports that Apple released an “update iOS 7.0.6 [to address] a glaring vulnerability in the way Apple devices handle encrypted communications. The flaw allows an attacker to intercept, read or modify encrypted email, Web browsing, Tweets and other transmitted data, provided the attacker has control over the WiFi or cellular network used by the vulnerable device.”

The bug, writes Dylan Love on businessinsider.com, is called Gotofail and refers to a computer’s “goto” command. The flaw works by tricking “your [Apple device] into thinking that it’s communicating with safe, highly trusted servers on the Internet even if those servers are being used by hackers to monitor and alter the data you send and receive online, even if it’s encrypted.”
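The name comes from a duplicated `goto fail;` line in the code that checks a server's signature. The following simplified illustration of that control-flow pattern is an added example, not Apple's source code; the function names and the integer flags are hypothetical stand-ins for the real hashing and signature steps.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the real steps; each returns 0 on success. */
static int hash_update(void) { return 0; }
static int verify_signature(int sig_valid) { return sig_valid ? 0 : -1; }

/* Vulnerable shape: the second "goto fail;" is not guarded by the if. */
int check_vulnerable(int sig_valid) {
    int err;
    if ((err = hash_update()) != 0)
        goto fail;
    if ((err = hash_update()) != 0)
        goto fail;
        goto fail;              /* always runs, with err still 0 */
    if ((err = verify_signature(sig_valid)) != 0)   /* never reached */
        goto fail;
fail:
    return err;                 /* 0 is reported as "verified" */
}

/* Hardened shape: braces on every branch, no stray jump. */
int check_fixed(int sig_valid) {
    int err;
    if ((err = hash_update()) != 0) {
        goto fail;
    }
    if ((err = hash_update()) != 0) {
        goto fail;
    }
    if ((err = verify_signature(sig_valid)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    /* Constructed input: 0 models a forged signature, 1 a valid one. */
    printf("vulnerable, forged: %d\n", check_vulnerable(0));
    printf("fixed, forged:      %d\n", check_fixed(0));
    printf("fixed, valid:       %d\n", check_fixed(1));
    return 0;
}
```

Building with GCC's `-Wmisleading-indentation` or Clang's `-Wunreachable-code` flags this pattern at compile time.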

Something else Apple users might want to know. There’s been speculation about whether the vulnerability was a mistake or whether Apple intentionally left the backdoor open. And whether it was open long enough to let the bug in.

Ars Technica’s Dan Goodin advises Apple users that for the time being they should avoid using Safari on OS X systems until Apple makes a fix available. Instead, he suggests, “because the Google Chrome and Mozilla Firefox browsers appear to be unaffected by the flaw, people should also consider using those browsers when possible, although they shouldn’t be considered a panacea.”
