Consumer Electronics
Apple Takes Low-Key Approach to Fix Major Security Flaw
February 22, 2014 9:42 am
Last Updated: April 27, 2020 4:24 pm
This is a pretty big deal. It means that an attacker could intercept communications from an iPhone that was meant to be encrypted. Let’s say the attacker had access to the same network over an unsecured WiFi connection in a coffee shop or restaurant. He could impersonate a protected site such as Facebook or Gmail and alter any data passed between the iPhone and the site. The worse news for Apple is the its desktop operating system, OS X, is perhaps even more exposed to attack.
Given the severity of the potential damage, Apple has taken a low-key approach to notifying users of the harm to which they are exposed. The company has pushed a patch to iPhone users, but the company’s note says only, “This security update provides a fix for SSL connection verification,” and contains a link to a page on Apple’s support site. The update gives no sense of urgency about installing the patch.
This has to be embarrassing for Apple. SSL (secure socket layer) has been around for about 20 years and implementing it properly should be a no-brainer for a company like Apple. Perhaps that is why the company’s response has been so low-key.
Sponsored: Find a Qualified Financial Advisor
Finding a qualified financial advisor doesn’t have to be hard. SmartAsset’s free tool matches you with up to 3 fiduciary financial advisors in your area in 5 minutes. Each advisor has been vetted by SmartAsset and is held to a fiduciary standard to act in your best interests. If you’re ready to be matched with local advisors that can help you achieve your financial goals, get started now.