Apple’s SSL-TLS Security Breach

Oceanside, CA - Security experts say Apple has patched a hole that could have exposed sensitive information to hackers. The security flaw could allow hackers to beat encryption. “It’s as bad as you could imagine, that’s all I can say,” said Johns Hopkins University cryptography professor Matthew Green. The emergency software fix is to correct a security flaw putting both iPhone and Mac users at risk. The fix confirms researchers’ findings late Friday that a major security flaw in iPhones and iPads also appears in notebook and desktop machines running Mac OS X.

Apple released a fix Friday afternoon for the mobile devices running iOS, and most will update automatically. Once that fix came out, experts dissected it and saw the same fundamental issue in the operating system for Apple’s mainstream computers. Without the fix, a hacker could impersonate a protected site and sit in the middle as email or financial data goes between the user and the real site, Green said. That started a race, as intelligence agencies and criminals will try to write programs that take advantage of the flaw on Macs before Apple pushes out the fix for them.

The issue is a “fundamental bug in Apple’s SSL implementation,” said Dmitri Alperovitch, chief technology officer at security firm CrowdStrike Inc., a security startup founded by George Kurtz and Dmitri Alperovitch. The full severity of the security flaw is unknown, and how long users have been at risk is undetermined, but the duplicated line of code that prompted the patch has been in place since September 2012.

Security experts advise that if your devices have not updated automatically, you update iPhones and iPads with the available iOS patches now.

The latest security flaw comes on the heels of a December report from Der Spiegel Magazine stating the NSA has had a 100% success rate planting spyware to intercept communications on iPhones. Leaked internal documents, published by the German magazine in December, revealed a program called DROPOUTJEEP, which intercepts voicemails, tracks messages, remotely pulls files from the device, accesses contact lists, locates a phone using cell tower data, and even activates the device’s microphone and camera.