Apple software security flaw may allow hackers to intercept encrypted communications
Apple Inc said in a statement on Friday, February 21, that a major flaw discovered in its mobile device software could allow hackers to intercept communications, such as email, that are supposed to be encrypted, Reuters reported.
According to experts, hackers could alter the information exchanged between a user and a protected website like Facebook or Gmail if they gain access to the user's network. This can be done if both the user and the attacker use the same unsecured wireless Internet connection, such as one provided by a restaurant, the report said.
Matthew Green, a cryptography professor at Johns Hopkins University, told Reuters in an interview, "It's as bad as you could imagine, that's all I can say." The report quoted the statement Apple issued on its support website, which said that the software "failed to validate the authenticity of the connection."
Apple did not reveal how it learned about the flaw or when it discovered it. Nor did it state whether the vulnerability was already being taken advantage of. The weakness was related to how iOS manages sessions in Secure Sockets Layer (SSL) or Transport Layer Security (TLS), the report said.
The tech giant rolled out software patches as well as an update for the existing version of its iOS for iPhone 4 and higher models, 5th generation iPod touches and iPad 2 and higher versions, the report said.
Green added that unless a solution for the vulnerability is found, a hacker has the power to masquerade as a protected site and look at the information exchange, whether it's email or financial data, that goes on between the user and the authentic site, the report said.
Apple is still reeling from recently leaked intelligence documents which said that authorities were able to break into iPhones all the time, the report said.