Over the weekend I try to stay off the internet and computer a lot so I missed the iOS 7.0.6 release when it first landed. At first glance I assumed it would be a small update akin to the iOS 7.0.5 update that aid network provisioning in China but in fact this simple line showed something much more worrying.
This security updates provides a fix for SSL connection verification.
What this means is that iOS (allegedly since iOS 6.0) has been unable to tell if there is a computer on the same network reading your data [click here to read Apple’s official release about the security update]. This means that it hasn’t stopped sending data if someone else is reading it and this is a very simple procedure to exploit.
So if you’ve been using Safari or mail on your iOS device, your data probably hasn’t been secure and could have been intercepted with no way of telling if or who intercepted the data.
This has been limited to Apple services but that’s little comfort from a company who try to provide all the basic services you need or if you’ve made the switch away from Google based services out of data fears.
No Fix for OSX Yet
To make the matter more shocking there is currently no fix for OSX yet meaning that Safari, Mail.app and other Apple related services with data transfer across SSL. Until an Update comes fixing this bug it is best to change your browser and not use the basic apple internet services on your Mac or Macbook.
Long Term Apple Security
John Grubber has already donned the tin foil hat with connections with the NSA that may or may not show Apple’s complicate behaviour in NSA data mining. To be fair John points out this may be a coincidence, the NSA may have utilised this for Prism or there may be another security loop hole and Apple may know nothing about this. The most worrying thing about this is the signs of security on Apple to come.
Apple’s previously small marketshare had protected it from much attention of hackers but with the Apple revival and iOS boom Apple is now on many less pleasant characters radars. Security is one of the primary needs for a Computer system especially with the growth of internet services and the amount of personal data that they hold. In this environment it would be great to see Apple miles ahead of the competitors.
While it’s certainly true that the lock down nature of iOS does help protect it against a lot of Malware (unlike Android) this is a serious security blunder that has to raise questions over whether Apple is really the reliable safeguard of data it had previously been taken for granted for.
Do you feel less safe using Apple products after this security flaw?