Apple said on Friday that a major flaw in its software for mobile devices could allow hackers to intercept email and other communications that are meant to be encrypted, and experts said Mac computers were even more exposed. Report updated 5:32 PM EST. The issue is still not resolved at this time on Macs.
Reuters is reporting that "If attackers have access to a mobile user's network, such as by sharing the same unsecured wireless service offered by a restaurant, they could see or alter exchanges between the user and protected sites such as Gmail and Facebook. Governments with access to telecom carrier data could do the same."
Reuters further notes that a statement on Apple's support website is blunt: The software "failed to validate the authenticity of the connection." Apple did not say when or how it learned about the flaw in the way iOS handles sessions in what are known as secure sockets layer or transport layer security, nor did it say whether the flaw was being exploited.
Johns Hopkins University cryptography professor Matthew Green noted that "It's as bad as you could imagine, that's all I can say. Without the fix, a hacker could impersonate a protected site and sit in the middle as email or financial data goes between the user and the real site."
Updated 5:33 PM EST: According to a Reuters update just released, Apple noted today that it would issue a software update "very soon" to cut off the ability of spies and hackers to grab email, financial information and other sensitive data from Mac computers.
The report noted that while Apple released a fix Friday afternoon for the mobile devices running iOS, it became clear, after experts dissected it, that the same fundamental issue remained in the operating system.
According to Reuters, "That started a race, as intelligence agencies and criminals will try to write programs that take advantage of the flaw on Macs before Apple pushes out the fix for them."
The flaw is so odd in retrospect that researchers faulted Apple for inadequate testing and some speculated that it had been introduced deliberately, either by a rogue engineer or a spy. Former intelligence operatives said that the best "back doors" often look like mistakes.
Apple's spokeswoman Trudy Muller declined to address the theories noted in the report. For more on this, see the Reuters follow-up report.