CBS News - There is a major security flaw in the software for Apple phones, the company announced Friday night.
“Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,” Apple wrote in the statement. “Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.”
The flaw is a Secure Sockets Layer (SSL) vulnerability that allows hackers to “intercept and alter communications such as email and login credentials,” according to ZDNet.
A hacker “can basically set up a connection and pretend to be Google.com,” Matt Green, a Johns Hopkins University professor specializing in encryption, told Ars Technica. Then, as CNET explains, financial or password data can be collected and used against the individual.
If you’ve logged onto WiFi from a coffee shop, hotel, airport or other public space, you could be at risk. Hackers could have worked their way into your phone through the insecure connection, where they could have accessed any information you’ve shared through your phone — including credit card numbers and addresses.
Apple released iOS 7.0.6 to patch the flaw. But downloading the upgrade was causing many phones to freeze up.
Over the weekend, it became clear that there is also a flaw with the OS X operating system, used on Macs. Apple says it is working on a software fix for OS X which should be available in coming days.
“At this early stage, the vulnerability has been confirmed in iOS versions 6.1.5, 7.0.4, and 7.0.5, and OS X 10.9.0 and 10.9.1, meaning it has silently exposed the sensitive communications of millions of people for weeks or months,” reported Ars Technica.
For the time being, Mac users should not log in through insecure or public networks.