Apple gotofail bug addressed with update, some iDevices bricked
Security firm CrowdStrike recently revealed that Apple devices running iOS, including the iPhone, iPod touch, iPad and Apple TV, have a vulnerability that allows hackers to “capture or modify data in sessions protected by SSL/TLS.” Essentially, it means that personal information can be intercepted when you’re connected to a shared WiFi network. The firm also warned that Apple’s OS X could be affected by the vulnerability, which allows hackers to impersonate users on secured sites such as bank login pages to get your login details.
“Update your Apple devices and systems as soon as possible to the latest available versions. Do not use untrusted networks (especially Wi-Fi) while traveling, until you can update the devices from a trusted network. On unpatched mobile and laptop devices, set the ‘Ask to Join Networks’ setting to OFF, which will prevent them from showing prompts to connect to untrusted networks,” CrowdStrike advised Apple users.
The vulnerability stems from an erroneously used ‘goto’ statement in the iOS and OS X code, hence the name “gotofail” bug. According to privacy researcher Ashkan Soltani, the bug also affects OS X apps such as Mail, Twitter, FaceTime, iMessage, iBooks, and even Apple’s software update mechanism, leaving a device vulnerable to attack when it is connected to an unsecured WiFi network.
Apple moved quickly to address the problem and has released updates for iOS 7 and OS X Mavericks.
If you want to update to OS X 10.9.2, just click on the Apple icon on the upper left hand corner of your screen, then click on “Software Update.” The update page will pop up and you can click on the Update button, then click on “Download and Restart” to initiate the process.
Once the process is complete your Mac will no longer be affected by the gotofail bug.
For iOS users, go to Settings > General > Software Update, then tap on the Update button to get iOS 7.0.6. You need to agree to Apple’s Terms and Conditions to initiate the update. Your phone will restart once it’s done updating. This will fix the SSL bug.
Unfortunately, iPhone 5S and iPad Air users have reported encountering problems after updating their devices to iOS 7.0.6. Various people have complained their devices would not turn back on after the update. In Apple’s Support Communities, some users reported that their devices were bricked after the update. Fix suggestions include resetting the phone by holding the sleep and home buttons simultaneously for 10 seconds, a trick that worked for some users, but apparently not for others, even when the device was plugged into their Mac computers. Normally, iTunes can detect iPhones or iPads in recovery mode, but it didn’t happen in some cases.
Apple has yet to acknowledge or address the bricking issue.
If you are an iPhone 5S or iPad Air user, you may want to hold off on updating your device to iOS 7.0.6 until Apple has addressed this, in spite of CrowdStrike’s warning to update as soon as possible. Also, you may want to stay away from unsecured WiFi connections to prevent hackers from getting their hands on your sensitive information.