Apple Users Beware: 2 Major Security Flaws
What exactly should I be doing to protect my iPhone and MacBook from the new security problems?
This question was answered on February 28, 2014. Much of the information contained herein may have changed since posting.
Apple users should be mindful of various security flaws discovered this past week with two major security holes in iPhones, iPads and one for any computer running the Mac OS X.
A programming bug that was traced back to a change 18 months ago essentially exposed Mac and iOS users to what’s known as the ‘Man in the Middle’ attack while accessing websites.
A lack of proper security certification has been providing Apple users with a false sense of security when accessing what appear to be verified secure websites.
We’ve all been told to look for sites that start with HTTPS:// whenever we’re working with sensitive information, because this represents a secure site.
Security is verified by an industry standard process whenever you’re browser visits a site, but the bug in the Apple programming didn’t properly certify the sites which could allow someone to create a fake bank website that passed you to the real website without being detected.
The ‘Man in the Middle’ could then silently monitor the transmissions between you and whatever website you were working with because your device never actually performed all the security steps.
If you have a basic understanding of programming, you can see how simple, but incredibly dangerous the error was from this website report: “An Extraordinary Kind of Stupid”
You can quickly test your Apple device or computer for this flaw by going to: https://gotofail.com
Apple users aren’t used to ‘urgent updates’ like Windows users are, but this one is about as urgent as anything that I’ve ever seen from the Microsoft camp.
iPhone and iPad users should immediately update to the latest version of iOS (7.0.6) by going to Settings => General => Software Update and tapping Install Now. It’s always best to do iOS updates when you are plugged into power and connected via wifi.
Mac OS X users should see an “App Updates Available alert” notification appear in the upper right corner of their screen and it should not be ignored.
You can also manually update by clicking on the Apple menu and clicking on the Software Update option.
Once you have updated all of your Apple products, as a precaution, I’d highly recommend that you change the passwords or access codes on any online account that you’ve accessed in the last 18 months.
Cyber-thieves use a variety of automated processes to gather sensitive information, so your information could have been compromised a while ago, but sitting in a database somewhere waiting to be sold.
Since there’s no way to recount everything you’ve accessed on your various Apple devices over the past 18 months, just play it safe by changing your access codes.
Another recent security flaw surrounding iPhone and iPad apps would allow a malicious app to record every keystroke or touch you make, essentially allowing a remote attacker to monitor everything you do on your phone or tablet.
While the security firm that discovered this flaw did so with a ‘proof of concept’ app, the possibility exists to be compromised, so be very careful what new apps you install on your Apple devices until Apple address this new issue.
The case can still be made that using Apple products on the Internet is generally safer, however, assuming that you have nothing to worry about anymore is not a good idea.
Need Help with this Issue?
We help people with technology! It's what we do.
Schedule an Appointment with a location for help!
Posted by Ken of Data Doctors on February 28, 2014