Users of Apple computers and iPhones may be shaken to the core at news of a major security flaw that could allow cyber spies and hackers to grab emails, financial information and other data from their devices.
Here’s what you need to know.
1. It’s Time for Some Updates — Right Now.
On Friday, Apple rushed the release of a fix for mobile devices running iOS, and most will update automatically, reports Reuters. The iOSs affected by this bug are as follows: iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2.
You can follow the instructions on how to check your Apple device to see if it is running an affected version of the iOS. If it is, download the latest version and upgrade your iOS. You can also go to your Settings menu to update your system through the “General” submenu.
This is the kind of update that should not be ignored, and it doesn’t take long to install. Apple has pushed out updates for iOS 7 users, as well as for iOS 6 users who’ve been wary to make the jump to the firm’s newest system. The firm has also released an update for Apple TV.
2. What Is This Flaw?
Affecting iOS devices and Mac computers, the bug allows a hacker to view unencrypted traffic that was believed to be encrypted, between the user and a website. What this means is that when doing online banking or ecommerce purchases, all of your traffic could be unencrypted which could result in a man-in-the-middle attack. That’s high-tech eavesdropping in which an attacker on a shared network intercepts the communication between your browser and a site to monitor and record everything that you do over the Web.
The good news: A hacker must be on your local area network to exploit this bug, and if the WiFi or network you are on is using secure methods for access, the risk is minimized. In other words, if a hacker wanted to sit in a coffee shop and monitor WiFi traffic all day looking for affected versions of the Apple iOS, he or she could potentially steal your banking information. So take the cue: Avoid using your devices on a public network at least in the short-term.
3. What Caused the Problem?
According to Adam Langley with Google, the root cause of the bug is a simple inadvertent line of code (“goto fail;” statement) that causes the browser or application to bypass the verification step. Instead, the browser will accept any SSL key during the SSLVerifySignedServerKeyExchange step without verifying the signature of the SSL cryptographic key.
SSL stands for Secure Sockets Layer, and it’s what helps ensure that communication between your browser and your favorite websites’ servers remains private and secure.
4. How Can You Prevent Problems?
If you have an iOS device such as an iPhone or iPad, you need to download 7.0.6 immediately. If you have a 3GS or an old iPod touch, you can download iOS 6.1.6 instead. Apple says it will issue a software update “very soon” for notebooks and desktop machines running Mac OS X, so until that is done, they remain vulnerable. In the meantime, use Google Chrome or Firefox, which aren’t affected on OS X—and make sure you stay on secured networks try to avoid making online financial transactions or sharing sensitive personal details.
More on Identity Theft:
- Identity Theft: What You Need to Know
- How Do I Dispute an Error on My Credit Report?
- 3 Dumb Things You Can Do With Email
- The Risks You Face From Identity Theft
- How Can You Tell If Your Identity Has Been Stolen?
- What Should I Do If I’m a Victim of Identity Theft?
- How Credit Impacts Your Day-to-Day Life