Apple issues OS X security fix [154]

Apple has issued a fix to a flaw in its OS X operating system which previously left users vulnerable to security breaches while browsing online.

A software update was released last week to iPhone, iPad and iPod owners to protect users from "an attacker" who may "capture or modify data".

It was later discovered that the problem also existed on Apple laptops and desktop computers running OS X.

On Tuesday, Apple issue a security fix through its software update service.

The problem was first spotted on Apple's mobile devices which run the iOS 7 operating system. It related to the way secure connections are made between Apple's safari browser and websitessites, including banking sitess, Google and Facebook

.

These sitess have digital security certificates that allow an encrypted connection to be established between a user's computer and the websitesite. This means any data that is sent over the connection should be secure.

Dropped the ball

However, a vulnerability in the code for Apple's iOS and OS X operating systems meant the security certificates were not being checked properly. This meant hackers could impersonate a websitesite and capture the data that was being sent over the connection before letting it continue its journey to the real website

site.

iPads A security fix has already been issued for users of iPads, iPhones and iPods

Apple released a fix for mobile devices running iOS 7 last week but a spokesperson issued the following statement about OS X: "We are aware of this issue and already have a software fix that will be released very soon."

The fix was released on Tuesday.

According to researchers the security flaw had existed for months but no-one had reported it publicly.

Graham Cluley, a security analyst, said it was a failing by the company that it had not been identified earlier.

"It's pretty bad what Apple have done, they've seriously dropped the ball. How much the problem has been exploited is hard to say. Hackers may now be trying to take advantage while users wait for the security fix."



Font: bbc