Apple acknowledged a major security flaw in its software for mobile devices on Friday but did so in such a low-key way that most users likely aren’t aware of just how at risk they might be if they fail to update their software. Plus, experts are saying that Mac computers could be even more exposed to attacks than the mobile software. So what is the problem? A Secure Socket Layer (SSL) vulnerability allowing hackers to intercept information that was supposed to be encrypted.
24/7 Wall Street explains:
Let’s say the attacker had access to the same network over an unsecured WiFi connection in a coffee shop or restaurant. He could impersonate a protected site such as Facebook or Gmail and alter any data passed between the iPhone and the site.
Johns Hopkins University cryptography professor Matthew Green summarizes it succinctly to Reuters: "It's as bad as you could imagine, that's all I can say.”
I'm not going to talk details about the Apple bug except to say the following. It is seriously exploitable and not yet under control.--; Matthew Green (@matthew_d_green) February 21, 2014
The flaw is certainly embarrassing considering SSL is hardly groundbreaking stuff and has been around for years. Some are speculating that it is this very security hole that allowed the National Security Agency to allegedly access any iOS device, according to documents leaked by Edward Snowden, points out ZDNet. Apple has denied that is the case.