According to Reuters, a very serious flaw in Apple Inc. (NASDAQ:AAPL)’s iOS could make it easy for hackers to break its encryption and intercept email and other communications.
This can take place in a shared wireless environment such as a restaurant or cafe. A hacker positioned as a man-in-the-middle can intercept and break what is supposed to be encrypted communication. The hacker could also impersonate a trusted website that users access and grab valuable information that should otherwise be secure.
Mac computers were even more at risk, experts say. The recent iOS 7.0.6 security patch on Friday was not a routine update, but a patch for this major SSL encryption flaw. Users are advised to update as soon as possible.
Here’s what the Apple Inc. (NASDAQ:AAPL) support site says about the patch:
Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
Matthew Green, a professor of cryptography at Johns Hopkins University, told Reuters: “It’s as bad as you could imagine, that’s all I can say.”
Without the fix, a hacker could impersonate a protected site and sit in the middle as email or financial data goes between the user and the real site.
This is an embarrassment for Apple Inc.’s technical reputation: the flaw appears to be a fundamental issue in Apple’s SSL implementation, and how to implement well-known encryption protocols is basic knowledge among experts.
Reuters also reported that Apple Inc. was recently hit with leaked documents that say authorities had a 100% success rate breaking into Apple’s iPhones.
I'm not going to talk details about the Apple bug except to say the following. It is seriously exploitable and not yet under control.
— Matthew Green (@matthew_d_green) February 21, 2014