A flaw in Apple iOS and OSX operating systems, for mobile and desktop devices, could allow hackers to collect information relayed over secure protocols normally understood to protect the data with industry standard encryption methods.
Mistakes in the implementation of session control during SSL transactions, a way to ensure that secure channels remain secure during the entire transmission, could allow attackers to view or modify data as it is exchanged between a user and their email or social media service.
“It’s as bad as you could imagine” said Matthew Green, a cryptography professor at Johns Hopkins University.
Reports indicate that Apple would not confirm when or how it learned of the flaw in its operating systems or if it is aware of exploits in the wild. A statement on Apple’s website said simply the software “failed to validate the authenticity of the connection.”
Software patches for the mobile operating system iOS have been released, but as of this writing patches or updates for their desktop operating system OSX Mavericks are not yet available.
By Brian Ryer