The Latest Apple Security Problem and What You Should Do

TL;DR version:
If you use an iPhone or iPad, update it to the latest version of iOS, which came out a couple of days ago.
If you use Mac OS X (laptop), use Chrome or Firefox to browse the web until an update is released.

For the long version, I’m going to make the assumption that you have a technical background:
A bug was recently discovered in Mac OS X 10.9 that means the signing chain for an SSL/TLS certificate isn’t verified. This makes a man-in-the-middle attack possible. This is certainly big news and should be patched as quickly as possible, but the exploit requires the attacker to jump through a lot of hoops. They’d have to hijack your DNS and have a site that looks similar enough to the real site to prompt you to put in your username/password. If you’re on your home network this probably isn’t the case. If you’re on public wifi it’s more likely, but it would involve someone first having to hack the router at the cafe, redirect it to poisoned DNS servers, and have a site (or sites) up and running that would convince you to put in your username/password. But if you’re concerned about privacy on unknown networks, you are using a VPN like Private Internet Access anyway, right?

FWIW this code was likely discovered because the core of Mac OS X (Darwin) is open source and the code is verifiable.

UPDATE: Apple has released an update for Mac OS X. Install this and all will be well.
