At the weekend Apple released an update for both iOS 7 and 6, acknowledging that the systems had a hitherto unsuspected flaw. The updates protect phones against potential hacking attacks, that could intercept email and other communications.
Fairfax Media was among the outlets reporting the updates that would affect the following iOS devices – the iPad 2 and later, iPhone 4 and later and iPod touch (fifth generation).
Releasing a support document with the security update, Apple said the fix would repair a vulnerability that could possibly allow an attacker with a “privileged network position” to “capture or modify data protected by SSL/TLS,” according to MacRumors.
But the problem isn’t limited to iOS. Security firm CrowdStrike ran a Q&A on its web page over the weekend, confirming, “The vulnerability affects both the iOS and OS X operating systems,” adding, “We expect Apple to release an update [for OS X] soon.” The company’s chief technology officer, Dmitri Alperovitch told Fairfax Media that the issue was “a fundamental bug in Apple’s SSL implementation.”
Apple spokesperson Trudy Muller confirmed that notebooks and desktops running OS X could also be vulnerable and added, “We are aware of this issue and already have a software fix that will be released very soon.”
Joseph Menn, writing for Fairfax Media, suggests that the delay between the two updates has “started a race, as intelligence agencies and criminals will try to write programs that take advantage of the flaw on Macs before Apple pushes out the fix for them”.
“It’s as bad as you could imagine, that’s all I can say,” Johns Hopkins University cryptography professor Matthew Green told Fairfax.
In the meantime, while many mobile devices running the OS will update automatically, users are advised to run a software update by going to Settings > General > Software Update.