Tuesday, 25 February 2014
Apple users in security warning
The security flaw has been identified in OS X which runs on laptops and desktops
Users of Apple's OS X operating system are being warned to take care when browsing online as they wait for a solution to a security flaw. A software update was released last week to owners of iPhones, iPads and iPods to protect users from "an attacker" who may "capture or modify data".
It was later discovered that the problem also existed on Apple laptops and desktop computers running OS X.
A security fix has not yet been issued.
The problem was first spotted on Apple's mobile devices which run the iOS 7 operating system. It relates to the way secure connections are made between Apple's safari browser and websites, including banking sites, Google and Facebook.
These sites have digital security certificates that allow an encrypted connection to be established between a user's computer and the website. This means any data that is sent over the connection should be secure.
Dropped the ball However, a vulnerability in the code for Apple's iOS and OS X operating systems meant the security certificates were not being checked properly. This meant hackers could impersonate a website and capture the data that was being sent over the connection before letting it continue its journey to the real website.
Apple released a fix for mobile devices running iOS 7 last week but a spokesperson issued the following statement about OS X: "We are aware of this issue and already have a software fix that will be released very soon."
According to researchers the security flaw had existed for months but no-one had reported it publicly.
Graham Cluley, a security analyst, said it was a failing by the company that it had not been identified earlier.
"It's pretty bad what Apple have done, they've seriously dropped the ball. How much the problem has been exploited is hard to say. Hackers may now be trying to take advantage while users wait for the security fix."
He advised users to take care when using the web and consider using an alternative browser to Safari until the problem was fixed.
He also urged users of Apple's mobile devices to upgrade to the latest iOS version as soon as possible and for OS X users to keep their eyes open for a security update and to implement it as soon as it was available.