Apple iOS Patch, What you Need to Know Now

1.    What is the meaning of the flaw and what do users need to do now?

The flaw basically means a critical check on the validity of a server’s SSL certificate is ignored when an app is establishing a secure connection. That might be your electronic banking application, your email, or a browser. This means that for quite some time, attackers with knowledge of this bug had the ability to mount man-in-the middle attacks to users operating Apple devices. This could have allowed interception or modification of SSL communications which are supposed to be private and encrypted. The impact is to the many commonly used browsers, email clients, instant messaging clients, social network apps and so on.

The bug has been fixed in the latest iOS release, but the current Mac OS X also appears to have the flaw and until a patch is available, OS X based laptops, desktops and servers are vulnerable.

2.    Should they download the patch?

They should patch immediately. This is a major bug that puts users’ sensitive data like login credentials, passwords, email, and browsing data at risk. When Apple releases for OS X, users should patch at their earliest opportunity. Until then, users should be very wary of accessing web content that is sensitive, especially on a network that attackers may also be on at the same time – which is more often than you might think.

3.    What else?

Even the best companies can make mistakes. In this case a major flaw persisted for a long time. Using solutions for data protection from leading experts in data security who use secure software development practices, security validation and independent tests can help avoid this kind of situation when selecting tools for enterprise data protection.

On OSX, until Apple releases a patch, users may use alternative browsers such as Chrome and Firefox which, according to reports, do not have this issue.

Even the best companies can make mistakes. In this case a major flaw persisted for a long time. Using solutions for data protection from leading experts in data security who use secure software development practices, security validation and independent tests can help avoid this kind of situation when selecting tools for enterprise data protection.

Read more here.

 

Leave a Reply

Your email address will not be published. Required fields are marked *