The news of a security hole in Apple’s iOS and Mac OS X Mavericks operating systems is still an ongoing issue, especially since Apple has yet to release a patch for Mavericks users. An update to iOS, (7.0.6 and ) was issued on Friday to close the hole but to this point, Apple has only said that a patch will be coming for OS X Mavericks “very soon.” The security hole was caused by a coding error that essentially bypassed the SSL encryption check that applications perform.
Simply put, users who are on a public network such as at a coffee shop or in an airport have their data potentially exposed to prying eyes. The coding error has been described as simple, elegant, and as a big mistake or possibly a malicious act by various sources. Essentially a “goto fail” command was duplicated allow the SSL security check to be completely bypassed. Simple and elegant it may be, but many are questioning how such a coding error could have occurred or not been caught.
So, while iOS users can update and have some relative peace of mind, OS X Mavericks users are still left in waiting mode. Independent research Ashkan Soltani has published a list of Apps that Mavericks users might want to avoid if connecting via an open network. Those Apps include:
- Software Update
Or to put it another way, if you are concerned you might want to use another device if you need to log on to a public network to get any work done with those Apps and others not yet identified. The pressure is mounting for Apple to publish a patch sooner rather than later and I would imagine we’ll hear news about that early in the coming week. If not, we’ll hear news about that not being the news, rest assured.