A bug in Apple's iOS mobile operating system and OS X desktop software has left users vulnerable to cyber attacks, allowing hackers to access information that is meant to be encrypted. The firm has rushed out an iOS software fix to address this.
The vulnerability means that connections supposedly protected by Secure Sockets Layer (SSL) technology were in fact vulnerable to hacking attempts from cyber criminals. The criminals used man-in-the-middle attacks to intercept details such as usernames and passwords. Devices connected to public WiFi networks are particularly vulnerable to these kinds of attacks.
According to Google software engineer Adam Langley, the flaw was caused by a coding error in which a line of code – "goto fail" – was used twice instead of once. This means, despite checks, a malicious site or server masquerading as a legitimate one would be considered legitimate by the device.
An Apple support page described the flaw: "An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS [transport layer security]".
It continued: "Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps."
Owners of iPhone and iPad devices began receiving the update over the weekend.
The bug affects devices running some recent versions of iOS 7 and some versions of Mac OS X 10.9 Mavericks. Apple has released a patch for iOS, but is yet to do the same for OS X. A statement from Apple shared with TechCrunch said the firm was working on a fix that would be released "very soon".
Users can check to see whether they are vulnerable or not by visiting gotofail.com, which will inform them whether the bug is present on their Apple device.
Apple products are often considered the most secure option by businesses looking to roll out mobile devices, and such a seemingly simple mistake will come as a blow to Apple's reputation.
Furthermore, the fairly low-key way in which Apple has rolled out the update – and the number of devices that are vulnerable – means it is likely the fallout of the bug will last for some time.