Apple Inc (NASDAQ:AAPL) promised that it will release a software update for Mac computers “very soon” to prevent the ability hackers and spies to gain access to user’s e-mail, financial information, and other sensitive information from their devices, according to Reuters.
Trudy Muller, spokesperson for Apple Inc (NASDAQ:AAPL) confirmed reports that a major security vulnerability is present in iPhones and iPads were also present on its Mac notebooks and desktops powered by the OSX operating system.
“We are aware of this issue and already have a software fix that will be released very soon,” according to Trudy.
Last Friday, Apple Inc (NASDAQ:AAPL) released the software update 7.0.6 to the iOS together with new builds for the iOS 6 and Apple TV that will fix “SSL connection verification. The update will automatically run on majority of the mobile devices running iOS.
Experts immediately analyzed the software fix released by the iPhone and iPad maker, and they found that a similar security flaw is present in the Mac computers. In a report, John Costello, Sr. SDET Engineer and Alex Radocea, Sr. Engineer of Crowdstrike described the security vulnerability in the iOS and OSX operating systems.
According to them, “To pull off the attack an adversary has to be able to Man-in-The-Middle (MitM) network connections, which can be done if they are present on the same wired or wireless network as the victim. Due to a flaw in authentication logic on iOS and OSX platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake.”
They added, “ enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system).”
Costelo and Radocea advised users to immediately update their devices and systems to the latest available versions of iOS released by Apple Inc (NASDAQ:AAPL). They believe the company will soon release a software fix to the OSX for Mac computers
Johns Hopkins University cryptography professor Matthew Green commented that the flaw in the operating systems of Apple Inc (NASDAQ:AAPL) is “bad as you could imagine.”
On the other hand, Adam Langley, an engineer at Google Inc (NASDAQ:GOOG) responsible in dealing with similar programming issues opined in his personal blog that the flaw is “just a mistake.” He added, “I feel very bad for whomever might have slipped.”