If you own an iPhone, iPad touch, iPad or Apple TV, head into the Settings app at your earliest convenience: Apple has just pushed out a software update that fixes a fairly major security flaw in the mobile operating system.
According to the notes accompanying the update, the vulnerability allows hackers to “capture or modify data in sessions protected by SSL/TLS” — essentially, your information could be exposed if you’re on a dodgy Wi-Fi network and someone is trying to intercept your data. The new 7.0.6 and 6.1.6 updates fix the issue.
Security flaw or not, it’s always good practise to exercise caution whenever you’re connecting to a network that isn’t at your home or office. If you’re on a public network that anyone can connect to, you should only visit sites that use encrypted connections (i.e. starting with https rather than http). The bug unearthed in iOS means these encrypted connections can be hacked into as well as standard unsecured connections.
There could be more bad news on the way for Apple: researchers at security firm CrowdStrike say OS X could be affected too. The vulnerability means hackers could impersonate secured sites such as your webmail service or your bank and hoover up your login details. A fix for OS X is expected from Apple in the near future.
CrowdStrike has some straightforward advice for Apple users: “Update your Apple devices and systems as soon as possible to the latest available versions. Do not use untrusted networks (especially Wi-Fi) while traveling, until you can update the devices from a trusted network. On unpatched mobile and laptop devices, set the ‘Ask to Join Networks’ setting to OFF, which will prevent them from showing prompts to connect to untrusted networks.”
