It’s been a rough few days for Apple’s renowned security reputation after a major flaw in iPhone software was found to be exposing users’ sensitive data on public WiFi networks — a security hole that now extends to Mac computers as well.
A Friday announcement from Apple about the iPhone security breach revealed a “man in the middle” secure socket layer vulnerability that would allow hackers to intercept iPhone user’s unencrypted data while their devices were connected to a public WiFi network, leaving data like emails, login credentials and even credit card data vulnerable to theft.
The flaw, apparently the result of a copy and paste error in a single line of code, let hackers intercept any such data and even alter it in transmission.
Apple issued a software update the same day, strongly encouraging users with iPhones to update their devices by either going to Settings on the home screen, selecting General and tapping on Software Update, or by connecting to a device’s home computer, opening iTunes, and following the prompts to update the phone.
Shortly after, security researchers at CrowdStrike found the same “goto fail” bug on Mac computers running Apple’s latest OS X software, which allowed for the same hacking of sensitive information while connected to a public WiFi Internet network. Secure data being sent from Mac’s proprietary Safari browser could be intercepted, altered, or both between the computer and its web destination.
The flaw has since been discovered in Calendar, Facetime, iBooks, Keynote, Mail, Twitter and even the Software Update apps on OS X.
Apple stated Monday it had a fix in the works already, and that it would be released shortly. A software update to repair the problem on iPads has already been released, and it’s recommended any Macs running OS X stay disconnected from public WiFi networks until another software update has been released.