Due to a “major flaw” in Apple’s software, users’ email, messages, and password information — which are supposed to be encrypted — were left vulnerable to hackers. The company did not say whether anyone had exploited the issue, but it’s clear that it’s a pretty big problem. According to Johns Hopkins University cryptography professor Matthew Green, “It’s as bad as you could imagine, that’s all I can say.”
Specifically, the problem was caused by a missing bit of computer code that was supposed to check for necessary security certificates. That left the devices open to man-in-the-middle attacks that would allow hackers to use a “faked certificate of authority to fool the device into believing it is interacting with a trusted host.” NBC News explains, “If attackers have access to a user’s network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook, experts said.”
USA Today reports that Apple released a patch that would close the security hole for iPhones 4 and 5, the fifth-generation iPod Touch, and the second-generation iPad. If your phone automatically updates, it should be fixed. If not, do make sure to install the software update. However, AppleInsider reported Saturday that Apple was still working on a fix for its computer operating system OS X.
