Huffpost Business

The Apple Security Hole Keeps Getting Worse

Posted: Updated:
Print Article
APPLE
AP

Apple's security hole is growing wider and wider.

The company divulged on Friday that it found a major vulnerability that would let a hacker intercept email and other secure communication sent from iPhones and iPads on Friday. Hours later, outside experts found the same flaw in the Safari browser on Mac computers.

By Sunday, security expert Ashkan Soltani tweeted that he found the "goto fail" vulnerability -- named after the single line of code responsible for the problem -- embedded in Calendar, Facetime, Keynote, Twitter, Mail and iBooks applications on Macs running the OS X operating system.

The security flaw worried many who said it would allow someone sharing a WiFi network with you -- say, at a coffee shop or an airport -- to see and change messages meant to be sent securely. According to Soltani, even Software Update, the application that installs security fixes on Macs, is vulnerable.

After Apple published a security patch for the iOS problem (just go to "Settings" on your iPhone or iPad and do a software update), the race to find the "goto fail" bug on other Apple products was on.

A few hours later on Friday, researchers at the security startup CrowdStrike replicated the hack on Mac computers running the operating system OS X, finding that supposedly secure messages sent from Safari (but not necessarily from Firefox or Chrome) were vulnerable to be being read and altered mid-flight. After Soltani's find, we know it's affecting many more applications, too.

"We are aware of this issue and already have a software fix that will be released very soon.” an Apple spokesperson told The Huffington Post.

Until then, keep your Mac away from your neighborhood coffee shop's WiFi.

This post has been updated with comment from Apple.

Read here to learn how to download the security patch.

Around the Web

If You Own an Apple Mobile Device, Upgrade Its Software Now

Apple's 'Gotofail' Security Mess Extends To Mail, Twitter, iMessage, Facetime ...

Apple security flaw could allow hackers to beat encryption

Apple security flaw: Fix issued for iPhone and iPad, still to come for Macs