Apple recently announced a major security breach for devices running Safari browsers that essentially allows a “middle man” to intercept Secure Sockets Layer/Transport Layer Security (SSL/TLS) communication, which normally keeps the data you share with other websites private. In layman’s terms, this means that if you’re on a website that uses this technology to establish a secure connection—between you a your bank, for instance—someone can “hack” in and steal sensitive information such as passwords, or even send you malware.
Some have speculated that the glitch was intended to help the U.S. National Security Agency tap into data transferred over public WiFi connections, while others have claimed it is just the result of sloppy programming. Whatever the cause, Apple has since released iOS 7.0.6 to close the gap for iPhone 4 and later, 5th-generation iPod touches, and iPad 2 and later devices. However, the update for OSX devices, such as MacBooks and iMacs, is still pending as of this writing.
With this in mind, if you own one of these devices, what can you do to protect yourself? First, you can test your connection here. Keep in mind that because the glitch primarily affects Safari, if you run the test using a different browser such as Firefox or Chrome, you’ll likely receive an error message that reads, “Your browser aborted loading the test image upon seeing an invalid ServerKeyExchange message. This means your browser is not vulnerable to the bug, however if you're on an Apple device make sure you test Safari.”
On the other hand, when running the test using Safari, you’ll likely receive the following message:
“YOUR BROWSER IS VULNERABLE, PATCH IMMEDIATELY! An attacker able to actively intercept your network connections (this is possible on most WiFi networks) can freely snoop on you, for example when you log into your bank account. Please check your browser and operating system for security updates and apply them right away. Other apps you have installed probably use the same SSL library and are also vulnerable - simply switching browsers will not fully protect you.”
Next, as the above message noted, you’ll need to download the patch. However, keep in mind this will only benefit Apple devices, not computers. Also, according to this article, some users claim that their iDevices were “bricked” after the update, so you may want to backup your device prior to installing.
If you’re unable to download the update
If you’re unable to immediately download the update, you may want to temporarily avoid public WiFi on Apple laptops, iPads and iPhones, such as those found in Starbucks, Planets, and others places. In addition, it may be a good idea to temporarily clear your cache and stored passwords from browser history. Here are some simple instructions on how to accomplish this in Firefox, Chrome, and Safari.
Image Credit: imcreator.com