In simple language, if you were using a iPhone 5s and sitting in a restaurant offering free unsecured wireless network, an attacker/hacker would have been able to see the exchange between you and your email or social network before it went for encryption. In not so many words, the hackers could have seen all the exchanges you had on your Gmail, Facebook, Twitter and other secure websites. The flaw exists basically due to a extra line of “goto” code that bypasses the iOS system’s authentication process, allowing a third party (hacker/attacker) to intercept your personal emails as well as view your Internet traffic. This also means that the flaw would have allowed the potential hacker to take full control of your system.
“It’s as bad as you could imagine, that’s all I can say,” said Johns Hopkins University cryptography professor Matthew Green.
Though Apple accepted the flaw but it did not say or comment on when or how it learned about the flaw. It is also not known whether any hackers/attackers took advantage of this zero hole during the time it was not patched and exploited it for personal gains.
All in all, it issued a rather blunt statement on its website on Friday saying “failed to validate the authenticity of the connection”. But no sooner it put this comment, its engineers worked overtime to patch this exploit. And by Friday night, Apple software patches and an update for the current version of iOS for iPhone 4 and later, 5th-generation iPod touches, and iPad 2 and later.
Readers may kindly note that this bug affects the Apple Safari browser and if you have not updated your iOS 7 or Mac OS X with the relevant security patch, you may do well not to use the Safari Browser for the time being. The patch for iOS 7 users is available here. However till the writing of this article Apple has not issued any fix or patch for the Apple OS X users as such they have to be extra careful while surfing the net.
Some users have commented on the forums that Apple may have knowingly left this hole in the goto code as a backdoor for NSA and the US Government to snoop on targets while others say that this is just a malformed code due to bad programming. Whatever the truth and whenever it is out, till such time it is requested to use Google’s Chrome or Mozilla Firefox to browse/use internet.
