On Friday, Apple announced a significant security flaw affecting literally hundreds of millions of iPhones, iPads and iPod Touches running iOS 7, the latest version of the company's mobile operating system.
Baked into the system was a flaw that allowed an attacker, under certain circumstances, to intercept and read in plain sight traffic the users thought was encrypted via Secure Socket Layer technologies. That would include email, tweets, Web browsing and, potentially, mobile banking sessions that occur within the Web browser.
Mark Bower, a vice president at Voltage Security, elaborated: “For quite some time, attackers with knowledge of this bug had the ability to mount man-in-the middle attacks to users operating Apple devices. This could have allowed interception or modification of SSL communications which are supposed to be private and encrypted.”
Experts appear divided as to whether this flaw also impacted traffic via apps, such as mobile banking apps.
On Friday, Apple issued a patch that it said fixed the problem on iPad, iPhone and iPod Touch.
However, the company also indicated that a related flaw exists in its OS 10 operating system for desktop and laptop computers. No patch has been issued so far, although Apple has indicated that one is imminent.
Note, too, the SSL attack can occur only when the hacker has control over a WiFi network (typically a public network) or has erected a rogue cellular network (technically doable but sophisticated and rare). This requires significant skill on the part of the attacker, said experts.
Users who never access public WiFi probably have nothing to fear, said most experts.
Experts also, unanimously in this reporter's poll, urged Apple mobile device owners to download the security patches as soon as possible.
Experts also suggested that financial institutions such as credit unions alert their members who use Apple devices to the need to download the patch, which is free.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
