Apple's SSL Vulnerability: Are your iOS / OS X devices safe?

Apple's SSL Vulnerability: Are your iOS / OS X devices safe?

Heather Parry

By Heather Parry

28 February 2014

In the last week or so, Apple has been experiencing a huge amount of negative publicity since the news broke that there was a serious security issue in both their iOS and OS X systems.

More specifically, when Apple issued an update for iOS, the information posted online revealed that there had been some problems with Apple’s implementation of a key encryption technology, namely SSL (Secure Sockets Layer). SSL and TLS work together as an encryption link between a device and a server, meaning that any data or information passed between the two is secure. While this pair is used mostly when you browse the web, it is also used when you do almost anything on your iPhone or device, including using calendars and chatting.

The vulnerability meant that “an attacker in a privileged network position may capture or modify data in sessions protected by SSL”. That’s a pretty huge security risk for pretty much anything your iOS device does.

Thankfully, Apple issued a patch for iOS last week, to fix this “data security” issue regarding all iPhones and iOS devices, like the 5th gen iPod Touch and the iPad 2. The fact that they were happy to talk about the bugs they were fixing was a refreshing change for a company that generally keeps quiet about this kind of thing, and their discussion allowed users to feel a little more trusting, despite the security hiccup.

However, several days later, Apple also issued a security update for many version of OS X, for what it emerged were a huge 33 issues.

The most interesting of these was an issue with SSL in Mountain Lion, meaning that, as with iOS, attackers could potentially capture and modify data sent from your computer, most likely through Safari but, again, potentially from any app like Mail, Facetime or Calendar. 

How to check if your device is safe

It’s unclear at this point whether these patches have been entirely successful in securing a connection to the internet using an Apple device­–and, uncomfortably, to what extent the bug opened Apple device users up to attacks.

However, there is an easy way to check whether your iOS mobile device or OS X computer is currently vulnerable to the bug, which has become known as the gotofail issue. It’s recommended that you upgrade with all patches that have been released, then go to https://gotofail.com/ to find out whether the patches have fixed the issue. This website uses a simple green / yellow / red system; if red is shown, then your device is still vulnerable, and it’s back to the drawing board.

If your computer is still vulnerable, avoid Safari and instead use Chrome or FireFox for sensitive browsing  and / or transactions. 

 

 

About Us

SurfEasy is a VPN tool that protects your online privacy and unblocks the internet. Use it on your Mac, PC, iPhone, iPad or Android.

Learn More