Tuesday, 25 March 2014

A Bad Apple??

Apple Mobile Devices Vulnerable to Hack

The developers claimed that a major vulnerability in Apple software for mobile devices can enable hackers to intercept email and other communications that are supposed to be encrypted. In addition, the experts said that Mac computers are even more exposed than mobile devices.

In case hackers obtain access to a mobile user’s network, for example by sharing the same unsecured Wi-Fi service offered by a public place, they could see or alter exchanges between the user and protected websites like Gmail and Facebook. In the meantime, governments having access to telecom carrier information could do the same thing.

The tech giant didn’t reveal when or how it learned of the vulnerability in the way its operating system handles sessions in secure sockets layer or transport layer security. Apple also didn’t provide information on whether the flaw was exploited and by whom.

However, a statement on Apple support website was blunt, saying that the software “failed to validate the authenticity of the connection”. The company developers released software patches and updated the current version of iOS for iPhone 4 and later, 5th-generation iPod touches, and iPad 2 and later.

The security experts explain that without that fix, an intruder could impersonate a protected website and sit in the middle as email or financial information was going between the user and the real website. After analyzing the Apple fix, some security experts claimed that the same flaw also existed in current versions of Mac OSX, running Apple laptop and desktop PCs. The problem is that no patch is available yet for that OS, though it is expected in the nearest future.

Since spies and hackers can also study the issued patch, they could in response develop programs to take advantage of the vulnerability within days or even hours. Industry observers say that the issue was a fundamental bug in SSL implementation, and OS X was at risk.

The tech giant didn’t provide any comments on the issue. The bug was in how well-understood protocols were implemented, representing an embarrassing lapse for Apple, which was recently stung by leaked intelligence papers claiming that authorities could successfully break into any iPhone.

No comments: