About the recent Apple SSL bug

Ensuring the security of your systems and computers can sometimes seem like a full time job and an uphill battle, especially with the increasing number of security issues being discovered. From bugs in software to malware, there is almost always some attack challenging the system security and potentially leading to a security breach. The other week a number of articles highlighted a bug in Apple's systems that poses a potential security flaw.

About the bug

News broke on many security websites mid-February about a potentially critical security flaw in Apple's systems following the company releasing an update to their mobile operating system, iOS.

The update notes released by Apple noted that the patch "provides a fix for SSL connection verification." This is a fairly common update as it is aimed at improving the security of communications between websites and the device. However, security experts found out that without the update attackers who can connect to a network are able to capture sensitive information being sent in banking sessions, email messages, and even chat messages using what's called an SSL/TSL session.

What exactly is SSL/TSL?

Secure Sockets Layer (SSL) and Transport Layer Security (TSL) are used in networks to essentially establish an encrypted link between a server and your computer. They are most commonly used to secure websites and the transmission of data. Take a look at some websites and you may see a padlock on the URL bar, or https:// in the URL. This indicates that the website is using SSL or TSL encryption to protect the data that is being transmitted e.g., your bank account information on a website.

In other words, SSL and TSL are used to ensure that information is exchanged securely over the Internet.

What was the problem and what software was affected?

It was found that there was a bug in the code Apple's software uses to establish a SSL connection which causes the whole SSL system to fail, potentially exposing data that should have been encrypted to anyone connected to the network with the right tools.

According to security experts, this bug has been found to affect devices running older versions of iOS 7, OS X 10.8 and newer, Apple TV, and possibly iOS 6. It is important to note that the bug is only found in Apple's SSL technology. Any app that uses Apple's version of SSL could be affected.

Has Apple solved this?

Luckily, Apple has released updates to all of their devices that should solve this security exploit. If you have not updated your device or computer since the middle of February you could be at risk.

How do I prevent my systems from being affected?

The first thing you should do is to update all Apple related apps and devices, including all mobile devices. If you are unsure about whether your apps are secure enough, try using another app, especially another browser. The reason for this is because browsers like Chrome and Firefox all use a different SSL technology and are unaffected by this bug.

You should also remain vigilant and not connect to any open or public Wi-Fi connections or even secured Internet connections that could be easy to break through. Basically, as long as you update you should be fine. However, it may be worthwhile using another browser if you are really worried about whether you have a secure connection.

If you are looking to learn more about this security flaw, or how you can secure your business from threats like this, contact us today. We can help.

Published with permission from TechAdvisory.org. Source.


Leave a comment!

You must be logged in to post a comment.