Apple announced last week that there is a significant security flaw affecting literally hundreds of millions of iPhones, iPads and iPod Touches running iOS 7, the latest version of the company’s mobile operating system.
Baked into the system was a flaw that allowed an attacker, under certain circumstances, to intercept and read in plain sight – traffic the users thought was encrypted via Secure Socket Layer technologies. That would include email, tweets, Web browsing and, potentially, mobile banking sessions that occur within the Web browser.
Mark Bower, a vice president at Voltage Security, elaborated: “For quite some time, attackers with knowledge of this bug had the ability to mount man-in-the middle attacks to users operating Apple devices. This could have allowed interception or modification of SSL communications which are supposed to be private and encrypted.”
Experts appear divided as to whether this flaw also impacted traffic via apps, such as mobile banking apps.
Last week Apple issued a patch that it said fixed the problem on iPad, iPhone and iPod Touch.
However, the company also indicated that a related flaw exists in its OS 10 operating system for desktop and laptop computers. No patch has been issued so far, although Apple has indicated that one is imminent.
Note, too, the SSL attack can occur only when the hacker has control over a WiFi network (typically a public network) or has erected a rogue cellular network (technically doable but sophisticated and rare). This requires significant skill on the part of the attacker, said experts.
Users who never access public WiFi probably have nothing to fear, said most experts.
Experts also, unanimously in this reporter’s poll, urged Apple mobile device owners to download the security patches as soon as possible.
Don’t wait until it’s too late! Check out First Financial’s ID Theft Protection products – with our Fully Managed Identity Recovery services, you don’t need to worry. A professional Recovery Advocate will do the work on your behalf, based on a plan that you approve. Should you experience an Identity Theft incident, your Recovery Advocate will stick with you all along the way – and will be there for you until your good name is restored.
Our ID Theft Protection options may include some of the following services, based on the package you choose to enroll in: Lost Document Replacement, Credit Bureau Monitoring, Score Tracker, and Three-Generation Family Benefit. To learn more about our ID Theft Protection products, click here and enroll today!*
*Identity Theft insurance underwritten by subsidiaries or affiliates of Chartis Inc. The description herein is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions.
Article Source (Written by Robert McGarvey in the Credit Union Times): http://www.cutimes.com/2014/02/24/apple-ios-security-flaw-prompts-patch-advice?eNL=51520a1b140ba0ed7800006c&utm_source=Daily&utm_medium=eNL&utm_campaign=CUT_eNLs&_LID=15773060