A fix has been issued by Apple Inc. to a flaw in the OS X operating system of the company, which had previously left users exposed to security breaches while they were browsing online. Last week, a software update was released to the iPhone, iPod and iPad owners for protecting the users from an ‘attacker’ who would have the capability of ‘capturing or modifying data’. Later, it was discovered that the problem also existed on the desktop computers and laptops that were running on the company’s OS X. On Tuesday, Apple used its software update service for issuing a security fix.
At first, the problem was spotted on the iPhone maker’s mobile devices that were running on the iOS 7 operating system. It was connected to the way Apple’s safari browser makes secure connections with different websites, which includes banking sites, Facebook and Google. Digital security certificates are maintained by these sites that enable the establishment of an encrypted connection between the website and the user’s computer. This means that any data that’s sent over this connection remains secure. However, the code for Apple’s OS X operating system and iOS was vulnerable, which meant that the security certificates weren’t being checked in the right way.
This meant that a website could be impersonated by hackers and they could capture the data that was being sent over the connection before allowing the data to continue its journey to the actual website. The company released the fix on Tuesday. Researchers were of the opinion that this security flaw had existed for months, but it hadn’t been reported publicly by anyone. A security analyst from MenaEntrepreneur.org said that it was a mark against the company that it hadn’t identified the flaw earlier. He said that hackers could have been taking advantage of this flaw for a long while and would keep doing so, until the fix had been provided.
Eyebrows are also being raised by several coding experts who have noted that the timeline of the inception of this security flaw is similar to that of leaked NSA slides, which document how the spy agency had gotten access to the servers of Apple Inc. It was also found that this flaw was not present in iOS 5.11, but only existed in iOS 6. Immediately, it was noted by tech experts that iOS 6 had a release date of September 2012 and this was only a month before the smartphone giant had been added to the list of penetrated servers of the NSA as per the slides that had been leaked by Edward Snowden.
It was noted by some that even though there was circumstantial evidence, it seems to fit where the Apple breakthrough by the NSA is concerned. It is also possible that the bug had been planted by the NSA through an Apple employee or it could also be an error on the part of Apple’s engineers. Even if NSA was not behind the bug, they definitely could have taken advantage of it to access Apple’s servers.