Apple Works To Fix Security Flaw In Software
The error was in validating secure connections with websites, which keeps others from seeing your activity on protected sites like Gmail and Facebook.
When a device connects to a website, it establishes a secure connection by having the website validate its authenticity. Without a secured connection, a hacker on the same wireless network as you could intercept your connection and read or change the data inside of it, Johns Hopkins University professor of cryptology Matthew Green told Benzinga.
That means that anyone using a shared network, like public WiFi, to access Facebook, emails or bank accounts is at risk of an attacker gaining access to that information or installing malware.
The company released a patch and an update on February 21 for iPhones, iPads and iPod touches that fixes the security problem. The update is available for iPhone 4 and newer, fifth-generation iPod Touch and iPad 2 and newer . But Mac laptop and desktop computers running the Mac OS X operating system are still at risk.
“The impact is that, if you're traveling right now with a Mac and you use a mail app or Safari, someone could access your information,” Green said.
Apple is expected to release a software update for the OS X shortly, Reuters reports.
“We are aware of the this issue and already have a software fix that will be released very soon,” Apple spokeswoman Trudy Miller told Reuters.
Apple didn't say how or when it found the error, just that the operating system “failed to validate the authenticity of the connection” in notes released with the update.
Green said the security flaw was caused by a small coding error. A line of the authentication code was copied twice, and it caused the system to bypass the rest of it.
“It causes an unexpected issue, where a big chunk of code gets skipped and it doesn't check the connections,” Green said.
© 2014 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.