According to Matt Green, a JohnsHopkinsUniversity professor specializing in encryption, a hacker “can basically set up a connection and pretend to be Google.com.” When software is programmed properly, it should be able to recognize the authenticity of a legitimate site. But, Apple acknowledged, “The software failed to validate the authenticity of the connection.”
Apple has long been celebrated as the bug free computer with hardly any viruses to worry about compared with a traditional PC. So this glitch may come as a shock that creates lots of questions to be answered.
How Did This Happen?
Apple did not comment on when or how it learned about the bug in their software or whether this flaw was being exploited. “We are aware of this issue and already have a software fix that will be released very soon,” said Apple spokesperson Trudy Muller.
However, it is possible that any insecure connection used by iOS software could be at risk.
The core issue stems from the software mishandling digital certificates used to establish secure encrypted connections. In Mac computers, the flaw lies in missing code. Without the code, the software fails to verify connection and site authenticity.
Who Does This Affect?
“At this early stage, the vulnerability has been confirmed in iOS versions 6.1.5, 7.0.4, and 7.0.5, and OS X 10.9.0 and 10.9.1,” Arts Technica reported. Unfortunately, this means that practically all Apple users have been at risk possibly for weeks or months.
The good news? No one has yet to report any stolen information. Because of this, it is important that Mac users remain on only secure connections in order to protect their privacy and identity.
Why Is This Important?
Because of technology’s changes, the majority of the digital age users do almost everything online. From banking to money transfers to private emails to private information via social networks, any phone or computer that fails to verify the authenticity of the connection means nothing a user does is protected.
What’s Next?
Apple has released a patch; however, some users have complained about their phones freezing up after downloading the patch. The patch was released Friday, and Apple believes there is no connection between their patch and phones locking up.
There is still no patch for Mac computers, so they remain vulnerable to these hackers.
Although hackers could potentially have intercepted emails, they could also have intercepted credit card numbers, bank statements, and addresses. Many experts believe it is unlikely any hackers were actually able to retrieve any personal information, but they agree it is not worth the risk to use insecure wireless connections until it is certain the patch has worked.
When downloading the patch, Apple users are advised to do so on a secure network because hackers could interfere with the download. And, now that this security breach is common knowledge, it is vital to update any Apple products. If hackers were unaware of Apple’s flaw then they are aware now and could try to attack any phone or other device still housing this flaw.