Friday Apple (AAPL) revealed that a major SSL (Secure Socket Layer) flaw in its software for mobile devices could allow hackers to capture or modify data in supposedly secure sessions.
Apple did not say when or how it learned about the vulnerability that leaves iPhone, iPad and Mac computer users open to an attack, but a new version of its iOS, the iOS 7.0.6 (Build 11B651), for its tablets and phones that includes a patch for SSL connection verification was rushed out the door Friday.
In a statement on its support website Apple simply said that the software “failed to validate the authenticity of the connection.”
“If attackers have access to a user’s network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook (FB),” experts told Reuters News.
The patch has only been issued for the more recent iPhones 4 and later, 5th-generation iPod touches, and iPad 2 and later. Unfortunately, Mac computer users, who are more exposed to the flaw, are currently left hanging without a fix. Apple has not released a statement on when to expect this patch.
Shares of Apple last closed down $5.90, or 1.11%, at $525.25.
Leave a Reply