iOS And Mac Security Flaw Opened Hole For Snoops

A serious vulnerability in the iOS operating system could have been used to subvert encryption on iPhones and iPads to spy on users. The weakness also affects Mac machines, security researchers have warned.

Apple notified users about the flaw in an update at the end of last week, saying in an advisory for the iOS 7.0.6 release that “an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS”.

“Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps,” the tech titan said.

Mac OS and iOS affected

iOS, despite being hailed as a secure product, has had many vulnerabilities addressed in the past.

But researchers are equally concerned that the SSL weakness could pose a serious danger to Mac users, as a patch has not been issued for Apple’s desktop operating system.

An attack would require the hacker to be on the same network as their target. Once on that network, they could snoop on communications that were supposed to be encrypted over SSL.

“This [flaw] enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favourite webmail provider and perform full interception of encrypted traffic between you and the destination server, as well as give them a capability to modify the data in flight (such as deliver exploits to take control of your system),” wrote Crowdstrike engineers Alex Radocea and John Costello.

“Update your Apple devices and systems as soon as possible to the latest available versions. Do not use untrusted networks (especially Wi-Fi) while traveling, until you can update the devices from a trusted network.”

How well do you know network security? Try our quiz and find out!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Google Warns Of Italian Spyware On Apple, Android Phones

Italian company's hacking tools have been used to spy on Apple, Android smartphones in Italy…

2 days ago

Intel Signals Delay To Ohio Factory Over US Chips Act Dispute

Chip maker warns new factory in Columbus, Ohio could be delayed or scaled back, over…

2 days ago

Silicon UK In Focus Podcast: Sustainable Business

How do sustainable businesses use technology to innovate? And as businesses want to connect sustainability…

2 days ago

Australia Fines Samsung Over Water-Resistance Claims

Samsung rapped over the knuckles by Australian regulator because of 'misleading' Galaxy smartphone water-resistance claims…

3 days ago

Amazon Reveals Alexa Option To Mimic Any Person’s Voice

Bereavement aid for those in mourning? Amazon's Alexa voice assistant could be programmed to sound…

3 days ago