Apple admits Mac has same security flaw as patched on iOS

Feb 22, 2014
0
Apple admits Mac has same security flaw as patched on iOS

Apple will release a Mac update "very soon" that will address a newly-identified OS X security loophole that could allow hackers to remotely access sensitive information from users' computers. The flaw was identified after Apple admitted it had spotted a similar glitch in iOS, releasing an update for iPhones and iPads on Friday to patch it.

"We are aware of this issue and already have a software fix that will be released very soon" Apple spokesperson Trudy Muller confirmed to Reuters today, though declined to give specific details on the potential exploit.

Researchers discovered that, just as the way iOS incorrectly handled SSL security certificates, so OS X had a similar shortcoming. The hole has been present in several iterations of Mac software going back "months" they claim, though it's unclear if any actual security hacks have utilized it.

At the root of the problem is the way that OS X and iOS failed to actually authenticate security certificates, with incomplete code seeing both platforms accept the credentials without actually checking them first.

If a hacker had access to the same WiFi network, for instance, it could have allowed them to fake a secure site and thus gain access to files and other data stored on the victim's Mac.

Although the general assumption is that the security shortcoming is simply a mistake, there have nonetheless been conspiracy theories that it was purposefully included so as to allow a "back door" for entry by security agencies like the NSA. Apple has previously been vocal in denying it gives law enforcement or surveillance services any such access.


Must Read Bits & Bytes