“Apple recently released iOS 7.0.6 with an important security update for iPhone, iPad, iPod touch users – if you have an iOS device, you should install that update right away,” OS X Daily reports. “Though the 7.0.6 bug fix description was initially vague, further information we’ll detail below points to just how potentially serious the security issue is (or was) – basically, someone could intercept your data given the proper circumstances – and while the problem has been patched on the iOS side, the same security flaw exists for OS X for the time being.”
“To put it simply, an attacker could use this flaw to intercept data, like email, passwords, banking information, communications, basically anything, if the attacker is on the same network as you, or is otherwise able to get between your computer and a remote serverOS X Daily reports. “This is why it is so important to avoid untrusted networks, it greatly mitigates risk.”
3 Easy Tips to Help Protect a Mac from the SSL / TLS Security Flaw
• Avoid all untrusted network
• Check your web browser with GoToFail
• Be sure the trusted wi-fi network uses WPA2 security active
OS X Daily reports, “So, let’s summarize: iOS devices should update to iOS 7.0.6 or iOS 6.1.6 NOW, using a trusted network. iOS users should actively forget wi-fi networks they do not trust. No user of any device should join untrusted networks until they install the appropriate patch, and are probably better off avoiding untrusted networks in general. All Mac users should install the appropriate security update for OS X right away when it has been released (yes, we’ll post about it when it’s out). It’s not a guarantee, but by following that advice, you’re certainly better off than not.:
More details in the full article here.
“Researchers are warning that the flaw seems to affect Safari, rather than Chrome or Firefox, so switching browsers may offer a partial workaround for the vulnerability,” Andy Greenberg reports for Forbes. “I tested several browsers against a proof-of-concept demonstration of the bug recommended by several security researchers at GotoFail.com and found that Safari was in fact vulnerable to the attack, while Chrome and Firefox appeared to be unaffected. But the test shouldn’t be seen as definitive, and the impact of the flaw goes beyond browsers. Security researcher Ashkan Soltani has found that it may affect Apple’s Mail application as well, according to Ars Technica.”
“I’ve contacted Apple for comment, and I’ll update this post as soon as I hear from them. The company tells Reuters that it plans to release a second patch for OSX ‘very soon,'” Greenberg reports. “Until Apple releases a patch of its own, users should update their iOS devices to the latest version, users Chrome and Firefox rather than Safari, and try to avoid untrusted networks.”
Read more in the full article here.
[Thanks to MacDailyNews Readers “Fred Mertz” and “Lynn Weiler” for the heads up.]