TechAdvisory.org

Technology Advice for Small Businesses

All about Apple’s SSL bug

Security_May03_CAs a business owner or manager you face important security issues on a daily basis to look after business computers and systems. From malware to bugs in software, there is almost always a security issue to be dealt with and it can be an uphill battle dealing with them. But, knowledge is power and knowing about security threats can help you battle them more effectively. One of the latest threats to come to light is a bug in Apple’s software that all Apple users should know about.

About the bug

News broke on many security websites mid-February about a potentially critical security flaw in Apple’s systems following the company releasing an update to their mobile operating system, iOS.

The update notes released by Apple noted that the patch “provides a fix for SSL connection verification.” This is a fairly common update as it is aimed at improving the security of communications between websites and the device. However, security experts found out that without the update attackers who can connect to a network are able to capture sensitive information being sent in banking sessions, email messages, and even chat messages using what’s called an SSL/TSL session.

What exactly is SSL/TSL?

Secure Sockets Layer (SSL) and Transport Layer Security (TSL) are used in networks to essentially establish an encrypted link between a server and your computer. They are most commonly used to secure websites and the transmission of data. Take a look at some websites and you may see a padlock on the URL bar, or https:// in the URL. This indicates that the website is using SSL or TSL encryption to protect the data that is being transmitted e.g., your bank account information on a website.

In other words, SSL and TSL are used to ensure that information is exchanged securely over the Internet.

What was the problem and what software was affected?

It was found that there was a bug in the code Apple’s software uses to establish a SSL connection which causes the whole SSL system to fail, potentially exposing data that should have been encrypted to anyone connected to the network with the right tools.

According to security experts, this bug has been found to affect devices running older versions of iOS 7, OS X 10.8 and newer, Apple TV, and possibly iOS 6. It is important to note that the bug is only found in Apple’s SSL technology. Any app that uses Apple’s version of SSL could be affected.

Has Apple solved this?

Luckily, Apple has released updates to all of their devices that should solve this security exploit. If you have not updated your device or computer since the middle of February you could be at risk.

How do I prevent my systems from being affected?

The first thing you should do is to update all Apple related apps and devices, including all mobile devices. If you are unsure about whether your apps are secure enough, try using another app, especially another browser. The reason for this is because browsers like Chrome and Firefox all use a different SSL technology and are unaffected by this bug.

You should also remain vigilant and not connect to any open or public Wi-Fi connections or even secured Internet connections that could be easy to break through. Basically, as long as you update you should be fine. However, it may be worthwhile using another browser if you are really worried about whether you have a secure connection.

If you are looking to learn more about this security flaw, or how you can secure your business from threats like this, contact us today. We can help.