News

Apple’s major OS X SSL security bug will be fixed “very soon”

Apple will update OS X to fix a major security issue soon after issuing an urgent update to iOS 7 over the weekend

MacWrap

main

A major security hole in OS X 10.9.1 will be fixed with an update “very soon” according to an Apple spokesperson. The bug, which it’s thought was caused by a missing bracket in a line of code, allows attackers to capture or modify data protected by SSL protocols in Safari, Mail, Twitter, iMessage and more.

The bug was also affecting iOS users until Apple issued an emergency update to the system over the weekend to plug the hole. Shortly afterwards, it was found that the same issue was present on the Mac as well.

Ashkan Soltani, the researcher who discovered just how many apps the flaw affects, notes that apps like FaceTime and iMessage have their own extra security measures to encrypt data, however the Apple ID login data may not be so secure.

Soltani found out that several of OS X's built-in apps were vulnerable to the security hold. Click image to enlarge
Soltani found out that several of OS X’s built-in apps were vulnerable to the security hold. Click image to enlarge

Users can visit gotofail.com to check if they are affected by the flaw, and while we wait for a fix, it’s advised that users avoid inputting sensitive data, like online banking details and personal passwords when accessing public or unsecured networks, such as those available in coffee shops. For those who still haven’t updated their devices to iOS 7.0.6, it is also recommended that you do so immediately, and keep an eye out for the Mac update in the next few days.

×