Apple’s security hole is growing wider and wider.
The company divulged on Friday that it found a major vulnerability that would let a hacker intercept email and other secure communication sent from iPhones and iPads. Hours later, outside experts found the same flaw in the Safari browser on Mac computers.
By Sunday, security expert Ashkan Soltani tweeted that he found the “goto fail” vulnerability — named after the single line of code responsible for the problem — embedded in Calendar, FaceTime, Keynote, Twitter, Mail and iBooks applications on Macs running the OS X operating system.
The security flaw worried many who said it would allow someone sharing a WiFi network with you — say, at a coffee shop or an airport — to see and change messages meant to be sent securely. According to Soltani, even Software Update, the application that installs security fixes on Macs, is vulnerable.
After Apple published a security patch for the iOS problem (just go to “Settings” on your iPhone or iPad and do a software update), the race to find the “goto fail” bug on other Apple products was on.
Here are some of the apps which rely on the vulnerable Apple #gotofail SSL library beyond Safari /cc @a_greenberg pic.twitter.com/ombDOOa01A
— ashkan soltani (@ashk4n) February 23, 2014
A few hours later on Friday, researchers at the security startup CrowdStrike replicated the hack on Mac computers running the operating system OS X, finding that supposedly secure messages sent from Safari (but not necessarily from Firefox or Chrome) were vulnerable to being read and altered mid-flight. After Soltani’s find, we know it’s affecting many more applications, too.
“We are aware of this issue and already have a software fix that will be released very soon,” an Apple spokesperson told The Huffington Post.
Until then, keep your Mac away from your neighborhood coffee shop’s WiFi.
Source: Huffington Post