Apple Encryption Flaw Leaves Data Vulnerable to Hackers

Apple Encryption Flaw Leaves Data Vulnerable to Hackers

Apple Encryption Flaw Leaves Data Vulnerable to HackersIf you are the proud owner of an Apple device, listen up! On Friday, Apple revealed a major SSL (Secure Socket Layer) vulnerability in its software; so, what does that mean to you? Well, hackers can intercept and alter communications, like email and login credentials, on any Apple device because communications that are meant to be encrypted are not.

Because of this vulnerability, a man-in-the-middle (MITM) attack can seamlessly intercept communications, including unencrypted passwords, between you and your intended recipient or website. The attacker is able to act like a proxy, reading, inserting and modifying the data by using a fake certificate of authority to trick the device into thinking it is interacting with a trusted host.

Apple responded immediately by rushing out a new version of iOS for tablets and phones to patch this vulnerability, but it was only issued for iPhones, generation 4 or later; iPod touch, 5th generation and iPad, 2nd generation, while a blunt statement was found on Apple’s support site: The software “failed to validate the authenticity of the connection.”

By the way, did you notice that Mac computers were not mentioned regarding the new version of iOS? That’s because they are currently being left hanging without a patch.

For those of you with newer Apple devices, most of them should have automatically updated with the patch to deter this SSL vulnerability. If not, however, I suggest going to your settings icon immediately and updating your software. And, for the Mac computers left out, I guess you’re “on a wing and a prayer” right now since I’m sure hackers are already studying the patch to develop programs to take advantage of Apple’s flaw.

About the Author

Ginger Hill is Group Social Media Manager.

Featured

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.