As I’m sure many of you have heard recently, a major security flaw was recently discovered in Apple’s handling of SSL. This flaw potentially allows others to intercept data between your iOS/OS X device and a secure website, including web page content, email messages, and passwords. Fortunately, if you run Software Update on all of your devices, you will be protected.
I have not heard any report of this flaw being taken advantage of yet, so it’s difficult to know just how much damage (if any) this security flaw has done or will do. A hacker would need to either skim your data on an open WiFi network (what are the chances that a hacker will be visiting the same Starbucks as you?) or they would need to gain access to your traffic at an ISP, which is far more difficult to do.
There is a theory that this flaw may have been known by the NSA and was used to intercept data from Apple.
All Apple products have received free security fixes.
This flaw affects:
- iOS 6 through 6.1.5
- iOS 7 through 7.0.5
- OS X 10.9 Mavericks through 10.9.1
This flaw does not affect:
- iOS 5 and earlier
- iOS 6.1.6
- iOS 7.0.6
- OS X 10.8 Mountain Lion and earlier
- OS X 10.9.2 Mavericks
- Third-party OS X software such as Firefox and Chrome
Unfortunately for many who have held off on voluntarily updating to iOS 7, the only thing I can advise is to bite the bullet and do the upgrade or risk having your passwords stolen. The iOS 6.1.6 update that came out last week is only for devices that are not capable of running iOS 7.
Here is my advice on how to protect yourself:
- iOS & Mac
- Until you update your software, disable WiFi unless you are on WiFi network that is only used by people you trust (such as home, a friend’s home, or possibly work). Also do not use your computer for anything extremely sensitive such as banking until you have applied the updates, even if you are on a safe network.
- Run Software Update on your iPhone/iPad/iPod Touch ASAP. Settings > General > Software Update. If you are unable to update because you are out of storage check out my tips at the end of this article. If that doesn’t help I recommend making an appointment at the Apple Genius bar or with me right away.
- Run Software Update at the Apple Menu > Software Update.