Feb 28

Apple Hears SOS from iOS — Fixes Major Security Flaw in Mobile Operating System. Still Working on Patch for OS X
Apple users, remember the good old days? When you never heard the words “security” and “fix” in the same sentence? If you really needed another reminder they’re over, here’s the latest.
Brian Krebs of KrebsonSecurity.com reports that Apple released an “update iOS 7.0.6 [to address] a glaring vulnerability in the way Apple devices handle encrypted communications. The flaw allows an attacker to intercept, read or modify encrypted email, Web browsing, Tweets and other transmitted data, provided the attacker has control over the WiFi or cellular network used by the vulnerable device.”
The bug, writes Dylan Love on businessinsider.com, is called Gotofail and refers to a computer’s “goto” command. The flaw works by tricking “your [Apple device] into thinking that it’s communicating with safe, highly trusted servers on the Internet even if those servers are being used by hackers to monitor and alter the data you send and receive online, even if it’s encrypted.”
Something else Apple users might want to know. There’s been speculation about whether the vulnerability was a mistake or whether Apple intentionally left the backdoor open. And whether it was open long enough to let the bug in.
Ars Technica’s Dan Goodin advises Apple users that for the time being they should avoid using Safari on OS X systems until Apple makes a fix available. Instead, he suggests, “because the Google Chrome and Mozilla Firefox browsers appear to be unaffected by the flaw, people should also consider using those browsers when possible, although they shouldn’t be considered a panacea.”