Tags: apple | security | flaw

Apple Security Flaw Compromises iOS, OSX, Opening Door for Hackers

By Clyde Hughes   |   Monday, 24 Feb 2014 01:51 PM

Apple is trying to fix a major security flaw on its mobile device software that could allow hackers to capture email and other communications that are supposed to be encrypted.

According to Reuters, the flaw could allow hackers to have access to the user's mobile network, giving them the power to alter exchanges between the user and protected sites such as Gmail and Facebook. The news agency said governments with telecom carrier data access could do the same.

Urgent: Do You Approve Or Disapprove of President Obama's Job Performance? Vote Now in Urgent Poll

Apple did not disclose how it learned of the flaw nor did it say whether the flaw was currently being exploited by hackers. The company did say on its support website that the security software "failed to validate the authenticity of the connection."

The security flaw affects Apple's iOS mobile operating system and its desktop OSX software through reverse engineering security updates.

"This enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favorite webmail provider and perform full interception of encrypted traffic between you and the destination server," wrote Crowdstrike’s researchers, according to Forbes. The bug also "give(s) them a capability to modify the data in flight (such as deliver exploits to take control of your system)."

Researchers told Forbes that the vulnerability allows communications to be eavesdropped or corrupted and could be used as a backdoor implanted to offer access to the National Security Agency or others.

"This sort of subtle bug deep in the code is a nightmare," Adam Langley, a Google security staffer, told Forbes, stating that its creation may have been by accident. "I believe that it's just a mistake and I feel very bad for whomever might have slipped in an editor and created it."

Reuters' Joseph Menn said the fact that hackers had not reportedly taken advantage of the flaw before last week's announcement lends to evidence that they may not have known it was there, either.

"Until Apple releases a patch of its own, users should update their iOS devices to the latest version, use Chrome and Firefox rather than Safari, and try to avoid untrusted networks," Forbes' Andy Greenberg wrote.

Editor's Note: Do You Support Obamacare? Vote in Urgent National Poll

Related Stories:

© 2015 Newsmax. All rights reserved.

1Like our page

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

America's News Page
©  Newsmax Media, Inc.
All Rights Reserved