Yesterday, Apple released OS X 10.9.2, and if you haven’t already — download it ASAP.
We know, we know: the endless stream of updates on your Macbooks, iPhones and iPads is tedious. However, the patches that Apple released for iPhones and iPads on Friday and the patch released for Macbooks and iMacs Tuesday don’t just fix normal glitches and bugs. The updates fix a serious security flaw that could allow hackers with malicious intent to intercept your emails, banking information, passwords and other sensitive data.
The security problem is pretty complicated and has to do with SSL-encrypted communications, but basically, according to Apple’s support page, current software “failed to validate the authenticity of the connection.”
“Without the fix,” Reuters reported, “a hacker could impersonate a protected site and sit in the middle as email or financial data goes between the user and the real site.”
This flaw is a huge, huge deal. Given Apple’s reputation as a purveyor of technology products that are immune to attacks from cybercriminals, the security loophole is a huge embarrassment for the company.
According to Chris Williams of The Register, a U.K. publication specializing in information technology news, Apple’s failure to alert its customers of the security flaw for days after detecting the bug was unprofessional. Furthermore, Williams argued that Apple waited to release the patch in order to bundle it with an upgrade for making voice calls with FaceTime.
“On Monday, amid the fallout of the SSL bug, Apple CEO Tim Cook reflected on the anniversary of Apple co-founder Steve Jobs’ birth, tweeting: ‘Remembering Steve on his birthday: ‘Details matter, it’s worth waiting to get it right,’’” Williams wrote. “For users fearing their passwords and bank account details were about to be put in the hands of crooks, that wait felt like an eternity.”
Apple has remained tight-lipped about the flaw, naturally.
According to Reuters, “Apple did not reply to requests for comment. The flaw appears to be in the way that well-understood protocols were implemented, an embarrassing lapse for a company of Apple’s stature and technical prowess.”
The security issue and Apple’s decision not to notify users immediately after the issue was detected reminds us that even seemingly reliable brands act in self-interest. Of course Apple didn’t want users to realize that it made a stupid mistake. This proves that it’s up to iPhone, iPad and Macbook owners — or any technology owner, for that matter — to be savvy when it comes to the security of his or her data. The prevailing attitude toward issues such as identity theft and email interception seems to be one of “That could never happen to me.”
However, just as our phones and computers become smarter and more intuitive, so do cyber criminals. It’s more important than ever to make sure you pay close attention to updates.
Viva la iOS 7.0.6!
[A version of this editorial ran on page 6 on 2/26/2014 under the headline “Apple security flaw proves companies act in self-interest"]
