Apple Issues Fix For Mac OS X Vulnerability
Update will finally patchSSL security vulnerability also found in iOS devices last week
Following warnings last week that its users were being left vulnerable to security breaches whilst using the Internet, Apple has issued a fix for its OS X operating system.
The new patch follows a similar fix for devices running iOS 7 last week. A further investigation revealed that the problems also existed on Apple devices running the Mac OS X software, such as laptops and desktop computers.
Apple recommends users install the update immediately to improve ‘the stability, compatibility, and security of your Mac’.
Mac attack
It was revealed last week that users of iOS 7 devices such as iPhones and iPads were at risk from “attackers with a privileged network position” who might be able to capture or modify data when their victims accessed public Wi-Fi networks.
The vulnerability is related to the way secure connections are made between Apple’s Safari browser and websites using digital security certificates, for example online banking resources, Google and Facebook.
The flaw meant that these security certificates were not being checked properly, meaning that hackers could impersonate a website, allowing them to capture the data that was being sent over the now insecure connection before letting it continue its journey to the real website.
In a statement, Apple said that the security flaw had apparently existed for months but was never publicly disclosed. This led the company to come under severe criticism in the last few days for exposing such a critical vulnerability in its own software and then having no immediate fix available.
The update mentions programs including Mail, Facetime, iMessage, Software Update and more, signalling that all these widely-used applications were at risk.
Despite being hailed as a secure product, iOS has had several vulnerabilities highlighted in the recent months. Earlier this year, the company was forced to deny it had installed a ‘backdoor’ which would allow security agencies such as the US National Security Agency to spy on users, following claims that the agency regularly hacked targets using the device.
iOS has also repeatedly been exploited by researchers at the Hewlett-Packard sponsored Pwn2Own hacking challenge in 2010, 2011, 2012 and 2013.
Are you a security expert? Try our quiz!
Originally published on eWeek.