Market Overview

Apple Works To Fix Security Flaw In Software

Related AAPL
Apple iPad Sales Could Reach 20 Million In The December Quarter; Does It Matter?
#PreMarket Primer: Friday, December 19: U.S. Debates A Response To Sony Hackers
BlackBerry CEO Talks 'Classic' Debut, Strategy (Fox Business)

A security flaw in Apple (NASDAQ: AAPL) software could allow hackers to access information on its devices.

The error was in validating secure connections with websites, which keeps others from seeing your activity on protected sites like Gmail and Facebook.

When a device connects to a website, it establishes a secure connection by having the website validate its authenticity. Without a secured connection, a hacker on the same wireless network as you could intercept your connection and read or change the data inside of it, Johns Hopkins University professor of cryptology Matthew Green told Benzinga.

That means that anyone using a shared network, like public WiFi, to access Facebook, emails or bank accounts is at risk of an attacker gaining access to that information or installing malware.

Related Here's What You Need To Know About Apple On Monday, February 24, 2014

The company released a patch and an update on February 21 for iPhones, iPads and iPod touches that fixes the security problem. The update is available for iPhone 4 and newer, fifth-generation iPod Touch and iPad 2 and newer . But Mac laptop and desktop computers running the Mac OS X operating system are still at risk.

“The impact is that, if you're traveling right now with a Mac and you use a mail app or Safari, someone could access your information,” Green said.

Apple is expected to release a software update for the OS X shortly, Reuters reports.

“We are aware of the this issue and already have a software fix that will be released very soon,” Apple spokeswoman Trudy Miller told Reuters.

Apple didn't say how or when it found the error, just that the operating system “failed to validate the authenticity of the connection” in notes released with the update.

Green said the security flaw was caused by a small coding error. A line of the authentication code was copied twice, and it caused the system to bypass the rest of it.

“It causes an unexpected issue, where a big chunk of code gets skipped and it doesn't check the connections,” Green said.

Posted-In: ForbesEducation News Rumors Psychology Tech Interview General Best of Benzinga

 

Related Articles (AAPL)

Around the Web, We're Loving...

Get Benzinga's Newsletters