Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Apple Hears SOS from iOS — Fixes Major Security Flaw in Mobile Operating System. Still Working on Patch for OS X

By ThreatMetrix

Apple users, remember the good old days? When you never heard the words “security” and “fix” in the same sentence? If you really needed another reminder they’re over, here’s the latest.

Brian Krebs reports that Apple released an “update iOS 7.0.6 [to address] a glaring vulnerability in the way Apple devices handle encrypted communications. The flaw allows an attacker to intercept, read or modify encrypted email, Web browsing, Tweets and other transmitted data, provided the attacker has control over the WiFi or cellular network used by the vulnerable device.”

The bug, writes Dylan Love, is called Gotofail, a name that refers to the “goto” command used in programming. The flaw works by tricking “your [Apple device] into thinking that it’s communicating with safe, highly trusted servers on the Internet even if those servers are being used by hackers to monitor and alter the data you send and receive online, even if it’s encrypted.”
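As an added illustration (not code from the original post, and a simplified model rather than Apple's source), the C below shows how a duplicated `goto fail` line can skip a signature check and still report success, next to a fail-closed version. The function names and the string-compare "signature" are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for handshake steps; 0 means success. */
static int hash_update(void) { return 0; }

/* Constructed check: a string compare stands in for real verification. */
static int verify_signature(const char *sig, const char *expected) {
    return strcmp(sig, expected) == 0 ? 0 : -1;
}

/* Flawed pattern: the second goto is not guarded by the if, so it always
 * runs. err is still 0 from hash_update(), the signature check below is
 * never reached, and the caller sees "success". */
int check_key_exchange_flawed(const char *sig, const char *expected) {
    int err;
    if ((err = hash_update()) != 0)
        goto fail;
    goto fail; /* stray duplicate line: executed unconditionally */
    if ((err = verify_signature(sig, expected)) != 0)
        goto fail;
fail:
    return err;
}

/* Hardened pattern: braces make each guard explicit and the function only
 * returns 0 after the signature check has actually run and passed. */
int check_key_exchange_fixed(const char *sig, const char *expected) {
    int err = -1; /* fail closed by default */
    if ((err = hash_update()) != 0) {
        goto fail;
    }
    if ((err = verify_signature(sig, expected)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    /* Constructed inputs: "forged" does not match the expected value. */
    printf("flawed accepts forged: %s\n",
           check_key_exchange_flawed("forged", "genuine") == 0 ? "yes" : "no");
    printf("fixed accepts forged:  %s\n",
           check_key_exchange_fixed("forged", "genuine") == 0 ? "yes" : "no");
    return 0;
}
```

Compiler warnings for unreachable code, mandatory braces in code review, and a test that presents a bad signature and expects rejection would each catch this class of defect.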

Something else Apple users might want to know: there’s been speculation about whether the vulnerability was a mistake or whether Apple intentionally left the backdoor open, and whether it was open long enough to let the bug in.

Ars Technica’s Dan Goodin advises Apple users to avoid using Safari on OS X systems until Apple makes a fix available. Instead, he suggests, “because the Google Chrome and Mozilla Firefox browsers appear to be unaffected by the flaw, people should also consider using those browsers when possible, although they shouldn’t be considered a panacea.”
