Apple recently dished out the iOS 7.0.2 update which, among other things, patched a security flaw in the mobile OS. Now, the company has confirmed that OS X contains a similar flaw and that a patch is coming very soon.
We are able to gauge the nature of this flaw in OS X quite well given that the release notes of iOS 7.0.2 come with a brief description of it. The release notes explain the flaw as this:
“Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.”
In other words, a hacker can intercept communication using SSL/TSL security over an OS X machine until a patch arrives and takes care of this security flaw. It occurs due to a faulty interpretation of digital certificates which are needed to establish a secure SSL/TSL connection for safe communication. All Apple needs to do is plug in the missing code and the issue will be resolved, which is apparently what the iOS 7.0.2 update has done for iOS.
According to an Apple spokesperson, “We are aware of this issue and already have a software fix that will be released very soon.” OS X users can expect a patch to arrive within the next two to three days. Until then, hang in tight and don’t divulge any critically significant information over an SSL/TSL connection.
Courtesy: Apple Insider