nb_cid nb_clickOther -tt-nb this.style.behavior='url(#default#homepage)';this.setHomePage('http://www.aol.com/?mtmhp=acm50ieupgradebanner_112313 network-banner-empty upgradeBanner
14
AOL.com
AOL.com
AOL Mail
AOL Mail
Video
Video
AOL Favorites
Favorites
AOL.com

'Major flaw' in Apple software leaves mobile devices vulnerable to hackers


Apple computers especially vulnerable to hackers

(Reuters) - A major flaw in Apple Inc software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, the company said on Friday, and experts said Mac computers were even more exposed.

If attackers have access to a mobile user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook. Governments with access to telecom carrier data could do the same.

"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green.

Apple did not say when or how it learned about the flaw in the way iOS handles sessions in what are known as secure sockets layer or transport layer security, nor did it say whether the flaw was being exploited.

But a statement on its support website was blunt: The software "failed to validate the authenticity of the connection."

Apple released software patches and an update for the current version of iOS for iPhone 4 and later, 5th-generation iPod touches, and iPad 2 and later.

Without the fix, a hacker could impersonate a protected site and sit in the middle as email or financial data goes between the user and the real site, Green said.

After analyzing the patch, several security researchers said the same flaw existed in current versions of Mac OSX, running Apple laptop and desktop computers. No patch is available yet for that operating system, though one is expected soon.

Because spies and hackers will also be studying the patch, they could develop programs to take advantage of the flaw within days or even hours.

The issue is a "fundamental bug in Apple's SSL implementation," said Dmitri Alperovich, chief technology officer at security firm CrowdStrike Inc. Adam Langley, a senior engineer at Google, agreed with CrowdStrike that OS X was at risk.

Apple did not reply to requests for comment. The flaw appears to be in the way that well-understood protocols were implemented, an embarrassing lapse for a company of Apple's stature and technical prowess.

The company was recently stung by leaked intelligence documents claiming that authorities had 100 percent success rate in breaking into iPhones.

Friday's news suggests that enterprising hackers could have had great success as well if they knew of the flaw.

(Reporting by Joseph Menn; Editing by Ken Wills and Robert Birsel)

More From You

-10
*0 / 3000 Character Maximum
Filter by:
Hello Brite eyes February 24 2014 at 11:21 AM

Friday's news suggests that enterprising hackers could have had great success as well if they knew of the flaw.
I thought that this last sentence was just packed with intelligence, it is kind of like a virtual invitation to hackers, even the ones who were asleep and didn't know about the flaw. Lets arm them (hackers) with this knowledge. Because God forbid they weren't paying attention to the first part of the article. I am also sure that any reader already understands the problem and didn't need a direct connecting statement as to what could happen if there were enterprising hackers. As if we needed to invite trouble.

Reply Flag as Abusive rate up rate down
Jeff February 23 2014 at 3:31 AM

Well, I'll be.

Reply Flag as Abusive rate up rate down
dorc792 February 23 2014 at 2:57 AM

see how we waste money on so called virus=protection...people who shop or trans-act buissenes by computer...are the targets of hackers ...yet we keep doing it...an the millionare computer giants laugh at our stupidity...

Reply Flag as Abusive rate up rate down
lindahsrman February 23 2014 at 2:38 AM

interesting

Reply Flag as Abusive rate up rate down
bjvogel48 February 23 2014 at 2:06 AM

Apple over priced garbage for hippies

Reply Flag as Abusive rate up rate down
1 reply to bjvogel48's comment
Gary from Bama February 24 2014 at 1:41 AM

Actually only you know if you know what you are talking about and whether or not you have ever owned an Apple or not. I've owned Microsoft Windows computers from Windows 3 through XP, Windows 7 and Windows 8, thankfully missed VISTA. I've also owned Apple, used Apple and PREFER Apple.

What I find amusing is how many folks, like you, cry at the price of Apple Computers only to end up, if they have and run (legally) and number of applications and programs, spend far more on Windows applications and programs than they do Apple. Sure Windows does cost less for the machine and while there are some good products most are not up to the standards and quality of most basic Apple machines. The applications that run on Apple are usually far superior to those for Windows in interface, power, and ease of use and learning. Compare function and price of Apple's WORK to Microsoft Office for instance.

Yeah Apples do cost more on the front end but based on what you get and what you pay to accomplish most task and stay current means Apple comes out better in the end. Not to mention that Apple's OSX is still far superior to Windows 7 & 8 although Windows has narrowed the gap since VISTA. To make though a blanket statement as you did usually is indicative of someone who never has tried or owned Apple or has some unwarranted bias toward those that do have and prefer Apple Computers.

Sorry but  Rules.

Reply Flag as Abusive rate up rate down
christopheaustruy February 23 2014 at 2:05 AM

Whatever you publish on the internet is hackable (and hacked) this is the first law of data security.

Reply Flag as Abusive rate up rate down
uplnu February 23 2014 at 1:15 AM

thought that was apples selling nitch 'we can't be hacked'??@!!! wtf

Reply Flag as Abusive +2 rate up rate down
djpetitte February 23 2014 at 1:13 AM

CrApple: Overpriced hipster garbage.

Reply Flag as Abusive +1 rate up rate down
blucola February 23 2014 at 12:22 AM

And I've had multiple Windows products that have been riddled with viruses, malware and adware over the years. I've yet to have a single problem with my ipods. Smart people don't do anything sensitive, datawise, in unsecure locations like coffee shops and other free wifi spots.

Reply Flag as Abusive rate up rate down
itooso February 23 2014 at 12:12 AM

What thinking of getting an Apple computer, but after reading this article I am having second thoughts.

Reply Flag as Abusive +1 rate up rate down
1 reply to itooso's comment
Gary from Bama February 24 2014 at 1:50 AM

I can fully empathize with your thoughts here but before you dismiss  Apple consider the following. Even though Apple to date has suffered far less attacks and intrusions than Windows you can still invest in Virus and Malware protection and in some cases (Avast) some of the best are FREE of Charge.

Apple has always been proactive and quick to respond to any threats as they came aware of them and like in the past I feel certain that Job 1 at Apple is to find, apply, and distribute a fix for this recent threat. Also for those familiar with both Windows and Mac operating systems and applications running on both you will find Apple  has far more satisfied users who will chose Apple over Windows and not usually go back. Windows does have a much better OS than in the days of VISTA but Windows is by no means more secure than Apple it's just that there are people out there concentrating on Apple because of an (for them) untapped resource where they perceive they might make illegal money. Windows is also not being left alone and forgotten by these people either so threats are still there for Windows.

Also you will find just as many quality applications and programs for the Apple  as you will for Windows and in most cases are more user friendly with better GUI (Graphic User Interfaces) and the initial cost as well as upgrading cost is far less with Apple than with Windows. Case in point Apple's Office suite called WORK is far less and just as powerful as Windows Office. Also the most recent Apple OSX (Maverick) Operating System was a FREE Upgrade. One more bonus with Apple. Applications and programs purchased over the Apple Store provides automatic updates to keep the program fresh and all upgrades current on your computer and also if you purchase on the Apple Store then you can use the same application on up to five different Apple Computers you own without having to pay any additional money/funds. Try and compare that to Windows.

Reply Flag as Abusive rate up rate down
~~ 2592000

Voting...

More From Our Partners