Apple gotofail bug addressed with update, some iDevices bricked
Security firm CrowdStrike recently revealed that Apple devices including the iPhone, iPod touch, iPad and Apple TV running iOS have a vulnerability that allows hackers to “capture or modify data in sessions protected by SSL/TLS.” Essentially, it means that personal information can be intercepted when you’re connected to a shared WiFi network. The firm also warned that Apple’s OS X could be affected by the vulnerability, which allows hackers to impersonate users on secured sites such as bank login pages to get your login details.
“Update your Apple devices and systems as soon as possible to the latest available versions. Do not use untrusted networks (especially Wi-Fi) while traveling, until you can update the devices from a trusted network. On unpatched mobile and laptop devices, set the ‘Ask to Join Networks’ setting to OFF, which will prevent them from showing prompts to connect to untrusted networks,” CrowdStrike advised Apple users.
The vulnerability is an erroneously used ‘goto’ statement in iOS’s and OS X’s code, which is why it was dubbed the “gotofail” bug. According to privacy researcher Ashkan Soltani, the bug also affects OS X apps such as Mail, Twitter, FaceTime, iMessage, iBooks, and even Apple’s software update mechanism, leaving a device vulnerable to attack whenever it is connected to an unsecured WiFi network.
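The control-flow mistake behind the name, as an added illustration in C: this is a simplified model written for this article, not Apple's source, and `hash_update`, `verify_signature`, `verify_flawed` and `verify_fixed` are hypothetical names. A stray second `goto fail` is not governed by the `if` above it, so the function jumps past the signature check while the error code still reads success; the hardened form beside it uses braces and fails closed.

```c
#include <stdio.h>

/* Constructed stand-ins for the real checks; 0 means success. */
static int hash_update(void) { return 0; }
static int verify_signature(int sig_valid) { return sig_valid ? 0 : -1; }

/* Flawed: the second "goto fail" is not part of the if above it. */
int verify_flawed(int sig_valid)
{
    int err;

    if ((err = hash_update()) != 0)
        goto fail;
    if ((err = hash_update()) != 0)
        goto fail;
        goto fail;  /* always taken, and err is still 0 here */
    if ((err = verify_signature(sig_valid)) != 0)  /* never reached */
        goto fail;

fail:
    return err;     /* 0 tells the caller the signature verified */
}

/* Hardened: braces on every branch, and the result fails closed. */
int verify_fixed(int sig_valid)
{
    int result = -1;    /* assume failure until every check passes */

    if (hash_update() != 0) {
        goto done;
    }
    if (hash_update() != 0) {
        goto done;
    }
    if (verify_signature(sig_valid) != 0) {
        goto done;
    }
    result = 0;

done:
    return result;
}

int main(void)
{
    printf("flawed, bad signature: %d\n", verify_flawed(0));
    printf("fixed,  bad signature: %d\n", verify_fixed(0));
    return 0;
}
```

Compilers can flag this pattern: Clang's `-Wunreachable-code` reports the dead signature check, and GCC's `-Wmisleading-indentation` reports the mis-indented `goto`.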
Apple moved quickly to address the problem and has released updates for iOS 7 and OS X Mavericks.
If you want to update to OS X 10.9.2, just click on the Apple icon on the upper left hand corner of your screen, then click on “Software Update.” The update page will pop up and you can click on the Update button, then click on “Download and Restart” to initiate the process.
Once the process is complete your Mac will no longer be affected by the gotofail bug.
For iOS users, go to Settings > General > Software Update, then tap on the Update button to get iOS 7.0.6. You need to agree to Apple’s Terms and Conditions to initiate the update. Your phone will restart once it’s done updating. This will fix the SSL bug.
Unfortunately, iPhone 5S and iPad Air users have reported encountering problems after updating their devices to iOS 7.0.6. Various people have complained their devices would not turn back on after the update. In Apple’s Support Communities, some users reported that their devices were bricked after the update. Fix suggestions include resetting the phone by holding the sleep and home buttons simultaneously for 10 seconds, a trick that worked for some users, but apparently not for others, even when the device was plugged into their Mac computers. Normally, iTunes can detect iPhones or iPads in recovery mode, but it didn’t happen in some cases.
Apple has yet to acknowledge or address the bricking issue.
For iPhone 5S and iPad Air users, you may want to hold off on updating your devices to iOS 7.0.6 until Apple has addressed this, in spite of CrowdStrike’s warning to update as soon as possible. Also, you may want to stay away from unsecured WiFi connections to prevent hackers from getting their hands on your sensitive information.
photo credit: Jan Persiel via photopin cc