We strongly encourage you to update your iPhones, iPads, and Macs running Mavericks as soon as possible!
Last week Apple released an update for iOS that fixed “SSL connection verification“, which caused a lot of people to perk up and wonder exactly what that meant. This was followed up by an alarming notice from Apple regarding the integrity of SSL connections on iOS. Long story short, a small programming glitch caused Apple products to silently fail at checking SSL certificates in certain situations.
This is a major problem: SSL certificates provide websites with essential security, signified by URLs starting with https instead of http. Banks use it, critical applications use it, and hundreds of pieces of software rely on SSL working flawlessly to ensure the security of data passing between you and a website. Security professionals quickly discovered that this issue not only affected iOS devices, but desktop and laptop Macs running Mavericks as well. On February 25th, four days after the iOS update, Apple released a similar update to Mavericks, version 10.9.2, which fixes this issue on the desktop- and laptop-side. (Note: earlier versions of Mac OS X are safe, this only affects 10.9 Mavericks.)
If you haven’t already updated your iPhone or iPad, update as soon as you can! You can update your iOS software any time by going to the Settings app, clicking the General section, and selecting Software Update. If you own a Mac desktop or laptop running Mavericks (Apple’s latest operating system), also update as soon as you can! You can run updates on your Mac by clicking on the Apple menu in the top-left and clicking on “Software Update…”.
For those curious about seeing the glitch itself, German newspaper Der Spiegel points out the flaw in Apple’s code here. It’s pretty simple: that
goto fail; line existing twice in that context makes the process skip necessary security checks, meaning your secure connection might not be adequately checked to see if it’s actually secure. For those of you who are really curious about how security works with Apple devices, check out this white paper Apple just released.
For more information on critical security issues like this, follow this blog or follow us on Twitter. If you need any help updating your device, feel free to contact the Help Desk by calling 617-824-8080 or using our online Help Center if you have any questions or concerns.