At the tail end of last week Apple slipped an update to iOS users that patched a major security bug that had been unknowingly affecting users for who knows how long. The same bug persists for OS X, acutely affecting a selection of Apple apps.
" />

Apple patches SSL bug in iOS, but OS X apps still affected

At the tail end of last week Apple slipped an update to iOS users that patched a major security bug that had been unknowingly affecting users for who knows how long. The same bug persists for OS X, acutely affecting a selection of Apple apps, while a fix is in the works.

The issue, which stems from what was likely a simple oversight in the code, makes iOS and OS X devices susceptible to SSL man-in-the-middle attacks. When accessing a public WiFi network (such as at a coffee shop), it is relatively easy for someone with malicious intentions to slip in between the user and whatever internet-connected service they are using, syphoning off any data transmitted between the two. This could be anything from usernames and passwords to credit card numbers and payment information.

os-x-ssl-threat

The good news is Apple addressed the issue for iPhone and iPad with an update to iOS 7.0.6 (or iOS 6.1.6). If you haven’t updated to this latest software, stop everything and do so now.

As for OS X? While a patch is said to be in the works, there are a few particular apps that should be avoided if you want to be totally safe. Here’s the list:

  • Safari
  • Calendar
  • Facetime
  • Keynote
  • Twitter
  • Mail
  • iBooks
  • Software Update

Obviously, Safari is the big one here, as any website or service accessed via the browser could potentially be targeted by hackers, including the likes of Amazon and Gmail.

How such a bug went unnoticed for so long is hard to say, but it amounts to one of the most serious security threats for users in recent memory. So update those iOS devices and be wary using certain Apple apps on public networks for the time being. We imagine the OS X fix will be coming along shortly.

[Ashkan Soltani via Gizmodo]

Continue reading:

TAGS: