iPhones may be vulnerable to hacker attack, Apple issues fix

6:40 AM, Feb 24, 2014   |    comments
  • Share
  • Print
  • - A A A +



(USA TODAY) SAN FRANCISCO - A security flaw could allow email and passwords to be intercepted from millions of Apple's iPhones.

The flaw allows hackers to intercept and change email messages and login credentials on multiple Apple products.

Apple released a patch Friday for the security problem. Most phones, iPods and iPads will update automatically and the security hole will be closed.

The patch was issued for iPhones 4 and 5, the fifth generation iPod touch and the second generation iPad.

Computer writer Kim Komando sent an email blast Saturday advising Apple product users to follow these steps to install the patch: 

"For iOS users: Go to your settings icon - you should see a little red "1? telling you there's an update available.Click 
on it, and then go to Software Update and then "Install Now."

Apple did not immediately respond to a USA TODAY inquiry early Sunday.

The website AppleInsider published a report Saturday saying Apple was working on a fix for OS X, the operating system on its computers.

Apple told Reuters on Saturday that a software update to protect Apple computers against hackers and spies who might try to exploit the flaw would be issued "very soon."

The flaw exploits a vulnerability with security certificates signed by what are known as "trusted certificate authorities."

Security certificates are a basic component of computer security. They are attachments to electronic messages that verify the user sending a message is who he or she says he is. They contain information about the certificate owner, including an internet address, when it can be used, how long it is valid for and where it lives on the web.

Most importantly, the certificates carry a code (called a hash) showing they have not been tampered with.

When connecting to a web site, the Apple device should check to make sure that the site is who and what it says it is, using the certificate.

However a missing bit of computer code meant the certificates were not checked.

That would allow a malicious hacker to perpetrate what's known as a Man in the Middle Attack. Here, someone uses a faked certificate of authority to fool the device into believe it is interacting with a trusted host.

That allows the Man in the Middle to intercept all the messages (including passwords) that go between a person's iPhone and a web site, for example.

A hacker exploiting that security flaw could use it to pretend he or she was the trusted website and then steal data such as credit card numbers the phone user was sending. It could also be used to install malicious software that would stay on the phone, secretly feeding information to the hackers long after the original attack was done.

Computer scientist Adam Langley said on his blog, "This sort of subtle bug deep in the code is a nightmare. I believe that it's just a mistake and I feel very bad for whomever might have slipped in an editor and created it."

You may also like...

Underwater Secret: Hidden caves beneath Weeki Wachee

Rollercoaster Rescue: 16 stranded after ride malfunction

Car Crash tragedy: USF students killed in interstate wrong-way crash

Hungry Sinkhole: Hole opens beneath Corvette museum, swallows 8 cars

Be my McValentine: Romantic reservations at McDonald's

Card Game Murder: Man sentenced for Magic: The Gathering killing

Treason? Secret Service visits candidate who says Obama should hang

Sasquatch on Tour: "Dead Bigfoot" on display in Texas

Here kitty, kitty: Lion escapes enclosure at Pasco sanctuary

#ShortYellows: Florida quietly shortened yellow lights

Kittens shot: Officer shoots kittens in front of children

Popular photo galleries:

Faces of Meth: Devastating before and after photos of meth abusers

Trayvon Martin Shooting: Trayvon Martin crime scene photos and George Zimmerman injury photos 

Hooters Winners: Winners of the 2013 Hooters swimsuit pageant

Rejected: Funny Florida license plates rejected by the DMV ***warning graphic***

Deadly sinkhole: Home collapses, man dies in giant sinkhole

Popular Databases:

Florida Sex Offenders: Look up sex offenders in any Florida neighborhood here

Restaurant Inspections: Look up inspection reports for any Florida restaurant here

Most Watched Videos