The Daily Buzz

Why Apple’s recent security fail is so scary

February 24, 2014 at 2:35 p.m.

A woman walks by a banner advertising iPhone 5c at a subway station in Seoul, South Korea, Thursday, Dec. 12, 2013. A Seoul court rejected Samsung's claim that iPhone and iPad models violated three of its patents, another setback for the South Korean electronics giant in a global battle with Apple over rights to technologies that power smartphones and tablets. (AP Photo/Ahn Young-joon)

Just when you think you’re safe, those damn hackers are at it, again.

Apple has quietly released the new iOS 7.0.6, explaining in a release note that it fixed a bug in which “an attacker with a privileged network position may capture or modify data in sessions protected by SSL (Secure Sockets Layer)/TLS (Transport Layer Security). In other words, the information on your Apple devices is no longer secure!

The SSL is the tool that ensures that the communication between your browser and your favorite websites’ servers remains private and secure. The TLS is a more recent protocol that essentially does the same thing. They work together to let the browser and the server know that they are who they claim to be. It’s kind of like a secret digital handshake that keeps your information secure … only now some geeky techno-nerds have figured out that secret handshake and now all your information can be served on a silver platter.

Usually, attacks like this are stopped immediately because the SSL/TLS makes these encrypted handshakes nearly impossible to get in the middle of, but this new Apple bug makes it all too easy.

This Apple bug blocks Safari, or other affected applications, from knowing for sure if the servers it’s talking to are actually who they say they are. This makes everything you transmit over the web vulnerable to a ‘Man in the Middle’ attack, which essentially is high-tech eavesdropping. So, in short, all the information you put out, or search for, or transpires between you and another party can be seen, monitored, and even recorded.

Your email, Facebook, even the payment you made to eBay because you secretly purchased a pair of Justin Beiber’s worn out skinny jeans –all being viewed by a complete stranger. Yikes! (Better clear your history, STAT!)

A John Hopkins cryptography professor, Matthew Green tweeted that he is not going to talk details about the Apple bug except that it is not yet under control.

I'm not going to talk details about the Apple bug except to say the following. It is seriously exploitable and not yet under control.
— Matthew Green (@matthew_d_green) February 21, 2014

He explained to Reuters that it is “as bad as you could imagine.”

Like many others fearing the worst, Green is choosing to stay quiet on the subject until it is resolved. Apparently, the issue has been going on since September of 2012 but if you’ve updated your iPhone or iPad to 7.0.6, you’re fine. The real problem is that it hasn’t yet been fixed for MacBooks, where many do most of their web surfing.

The best way to prevent this bug from attacking your device is to stop what you’re doing, and download the iOS 7.0.6 immediately.

If you’ve got a 3GS or an old iPod touch, you can download the iOS 6.1.6 instead.

Apple says there will be a fix “very soon.”

“Very soon” is very vague, Apple. You might want to be extra careful when surfing the Internet until “very soon” means they have fixed it … like now, please.

Check out this open forum if you've still got some concerns.

Want the latest buzz before it goes viral?
Follow @YDailyBuzz on Twitter!