Apple users, remember the good old days? When you never heard the words “security” and “fix” in the same sentence? If you really needed another reminder they’re over, here’s the latest.
Brian Krebs of KrebsOnSecurity.com reports that Apple released an “update iOS 7.0.6 [to address] a glaring vulnerability in the way Apple devices handle encrypted communications. The flaw allows an attacker to intercept, read or modify encrypted email, Web browsing, Tweets and other transmitted data, provided the attacker has control over the WiFi or cellular network used by the vulnerable device.”
The bug, writes Dylan Love on businessinsider.com, is called Gotofail and refers to a computer’s “goto” command. The flaw works by tricking “your [Apple device] into thinking that it’s communicating with safe, highly trusted servers on the Internet even if those servers are being used by hackers to monitor and alter the data you send and receive online, even if it’s encrypted.”
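A simplified C illustration of the coding pattern the name refers to, added here as an example; it is not Apple's code and does not come from the original post. The struct, the helper functions and the toy signature check are constructed stand-ins for the real handshake steps.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the signed part of a TLS handshake. */
typedef struct { const char *params; const char *signature; } key_exchange;

/* Toy hash step: succeeds (0) whenever there is something to hash. */
static int hash_update(const key_exchange *kx) { return kx->params ? 0 : -1; }

/* Toy signature check: 0 only for the one signature we treat as genuine. */
static int signature_matches(const key_exchange *kx) {
    return strcmp(kx->signature, "valid-sig") == 0 ? 0 : -1;
}

/* Flawed shape: the second goto is not guarded by the if, so it is always
   taken. The signature check below is never reached, and err still holds
   0 from the successful hash step. */
int verify_flawed(const key_exchange *kx) {
    int err;
    if ((err = hash_update(kx)) != 0)
        goto fail;
        goto fail;                 /* duplicated line, runs unconditionally */
    if ((err = signature_matches(kx)) != 0)
        goto fail;
fail:
    return err;                    /* 0 means "server is trusted" */
}

/* Corrected shape: every branch is braced, so a stray line cannot change
   which statements the condition controls. */
int verify_fixed(const key_exchange *kx) {
    int err;
    if ((err = hash_update(kx)) != 0) {
        goto fail;
    }
    if ((err = signature_matches(kx)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    key_exchange forged = { "server-params", "forged-sig" };  /* constructed input */
    printf("flawed accepts forged signature: %s\n", verify_flawed(&forged) == 0 ? "yes" : "no");
    printf("fixed accepts forged signature:  %s\n", verify_fixed(&forged) == 0 ? "yes" : "no");
    return 0;
}
```

Compiler warnings for unreachable code or misleading indentation, mandatory braces in the style guide, and a test that presents a bad signature and expects rejection each catch this pattern before it ships.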
Something else Apple users might want to know. There’s been speculation about whether the vulnerability was a mistake or whether Apple intentionally left the backdoor open. And whether it was open long enough to let the bug in.
Ars Technica’s Dan Goodin advises Apple users that for the time being they should avoid using Safari on OS X systems until Apple makes a fix available. Instead, he suggests, “because the Google Chrome and Mozilla Firefox browsers appear to be unaffected by the flaw, people should also consider using those browsers when possible, although they shouldn’t be considered a panacea.”