Apple can get bugs too

March 19, 2014 

Ensuring the security of your systems and computers can sometimes seem like an uphill battle, especially with the increasing number of security issues being discovered. From bugs in software to malware, there is almost always some attack challenging the system security and potentially leading to a security breach. Recently a number of articles highlighted a bug in Apple's systems that poses a potential flaw.

About the bug

News broke on many security websites last month about a potentially critical security flaw in Apple's systems following the company releasing an update to their mobile operating system, iOS.

The update released by Apple noted that the patch "provides a fix for SSL connection verification." This is a fairly common update as it is aimed at improving the security of communications between websites and the device. However, security experts found out that without the update attackers who can connect to a network are able to capture sensitive information being sent in banking sessions, email messages, and even chat messages using what's called an SSL/TLS session.

What exactly is SSL/TLS?

Secure Sockets Layer

(SSL) and Transport Layer Security (TLS) are used in networks to establish an encrypted link between a server and your computer. They are most commonly used to secure websites and data transmission. Take a look at some websites and you may see a padlock on the URL bar, or https:// in the URL. This indicates that the website is using SSL or TLS encryption to protect the data that is being transmitted e.g., your bank account information on a website.

In other words, SSL and TLS are used to ensure that information is exchanged securely over the Internet.

What versions had problems?

It was found that there was a bug in the code Apple's software uses to establish a SSL connection which causes the whole SSL system to fail, potentially exposing data that should have been encrypted to anyone connected to the network with the right tools.

According to security experts, this bug has been found to affect devices running older versions of iOS 7, OS X 10.8 and newer, Apple TV, and possibly iOS 6. It is important to note that the bug is only found in Apple's SSL technology. Any app that uses Apple's version of SSL could be affected.

Has Apple solved this?

Apple has released updates to all of its devices that should solve this security exploit. If you have not updated your device or computer since the middle of February you could be at risk.

How do I prevent this?

The first thing you should do is update all Apple related apps and devices, including all mobile devices. If you are unsure about whether your apps are secure enough, try using another app, especially another browser. The reason for this is because browsers like Chrome and Firefox all use a different SSL technology and are unaffected by this bug.

You should also remain vigilant and not connect to any open or public Wi-Fi connections or even secured Internet connections that could be easy to break through. Basically, as long as you update you should be fine. However, it may be worthwhile using another browser if you are really worried about whether you have a secure connection.

David Spire, president and CEO of United Systems, holds an MBA degree as well as multiple technical professional certifications. He can be reached at 941-721-6423 or by email at david.spire@uscomputergroup.com.

Bradenton Herald is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service