Monday, February 24, 2014

Massive Security Flaw Found in iOS and OS X 10.9 Mavericks

There is a newly discovered security flaw present in Apple's iOS and OS X 10.9 (Mavericks) that has many people concerned. The flaw is believed to be caused by a single repeated line of code and effectively leaves hundreds of millions of iOS and OS X Mavericks devices open to hackers.

The flaw allows for a man-in-the-middle attack to be executed on anyone connected to the same wifi hotspot an attacker might be using. These kinds of attacks occur when an attacker intercepts the information being sent between two parties - you to your bank's website for example - and then impersonates each party to the other. This allows the attacker to access any and all information you're sending out. Banking information, credit cards, social media postings, email, and any website login information are all able to be intercepted while connected to the same wifi hotspot.

This effectively makes public wifi hotspots a perfect location to perform the attacks. A stranger can sit in a busy coffee shop, run the attack, and gather information without any of the victims ever knowing anything was amiss. This is the kind of scenario where a VPN service like GoTrusted becomes invaluable. Anyone connected to our service would be protected from such an attack. Our encryption would make it impossible for the attacker to read any of the information coming over the connection, making sure your personal information is kept personal.

It's not entirely clear how long the flaw has been present. It could date back to when the iPhone 4 was released in 2010 or may have been introduced with past software updates. All iOS users are urged not to use any public wifi until they update their iOS version with the new patch. Apple has not released a timeline for OS X Mavericks to be patched, so users should make sure their GoTrusted is running if connecting to any public networks. You can read more about the security flaw here and a more detailed rundown on the flaw on Krebs on Security.