Yutaka Tsutano via Flickr/Creative Commons

This huge security flaw affects (nearly) all iPhones, iPads, and Apple computers

The flaw affects how secure data is sent over the internet.

A SOFTWARE BUG called “Gotofail” currently affects every single Apple device, whether it’s an iPhone, iPad, or desktop or laptop computer.

If you own one of these devices, but have not updated it in the last few days, it is currently vulnerable.

Apple revealed that the security flaw in its iOS operating system for iPhone and iPad affects encryption.

That’s how data gets sent over the Internet without you having to worry about people reading your emails or stealing your credit card number when you buy something from Amazon.

“Gotofail”

The name “Gotofail” is a reference to the “goto” computer command.

A fix recently went out to iOS customers that renders this bug a non-issue, so if you haven’t updated your iPhone or iPad’s software recently, be sure to do so.

There’s a full guide right here, but you’ll want to plug your phone in as if you’re charging it, open the Settings app, select “General”, then “Software Update”, and follow the instructions that appear.

OS X users are still waiting for a fix.

Official word from Apple is that it will come “very soon.”

Hacker

Gotofail directly affects OS X apps. Any hacker monitoring them would find a goldmine of data if they wanted it. Major communication apps like Apple’s email client and iMessage are vulnerable, even the Safari web browser.

Privacy researcher Ashkan Soltani shares the full list in this screenshot.

A security firm called Crowdstrike explains how Gotofail works:

It “enables an adversary to masquerade as coming from a trusted remote endpoint, such as your favourite webmail provider and perform full interception of encrypted traffic between you and the destination server,” and it “give[s] them a capability to modify the data in flight (such as deliver exploits to take control of your system).”

More plainly, this bug tricks your computer into thinking that it’s communicating with safe, highly trusted servers on the Internet even if those servers are being used by hackers to monitor and alter the data you send and receive online, even if it’s encrypted.
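A simplified C model of the coding mistake the name refers to, added here as an illustration and not Apple's actual source: a duplicated `goto fail;` line runs unconditionally, so the signature check is never reached and the function reports success. The function names and the stand-in hash and signature steps are hypothetical.

```c
#include <stdio.h>

/* Constructed stand-ins for the real hashing and signature steps. */
static int hash_step(void) { return 0; }             /* 0 = success */
static int check_signature(int sig_is_genuine) {     /* nonzero = reject */
    return sig_is_genuine ? 0 : -1;
}

/* Flawed pattern: the second "goto fail" is not guarded by the if above it,
 * so it always runs. check_signature() is skipped and err is still 0. */
int verify_flawed(int sig_is_genuine) {
    int err;
    if ((err = hash_step()) != 0)
        goto fail;
    if ((err = hash_step()) != 0)
        goto fail;
        goto fail;   /* duplicated line: executes unconditionally */
    if ((err = check_signature(sig_is_genuine)) != 0)
        goto fail;
fail:
    return err;      /* 0 is read by the caller as "server is trusted" */
}

/* Corrected form: braces on every branch, so a stray repeated line
 * inside a branch cannot become unconditional. */
int verify_fixed(int sig_is_genuine) {
    int err;
    if ((err = hash_step()) != 0) {
        goto done;
    }
    if ((err = hash_step()) != 0) {
        goto done;
    }
    err = check_signature(sig_is_genuine);
done:
    return err;
}

int main(void) {
    /* A forged signature (0) must be rejected; only the fixed version does so. */
    printf("flawed, forged signature: %d\n", verify_flawed(0));
    printf("fixed,  forged signature: %d\n", verify_fixed(0));
    printf("fixed,  genuine signature: %d\n", verify_fixed(1));
    return 0;
}
```

Compiling with warnings for misleading indentation or unreachable code enabled is one way such a line gets flagged before release.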

Here’s what cryptographer and Johns Hopkins University professor Matthew Green had to say:

image

Apple is generally the company that can be looked at to take care of stuff like this for us, but the way that Apple computers run right now leaves them less than totally safe.

OS X users who want to protect themselves until Apple issues an official fix: the very least you can do is stop using Safari if you weren’t already using something else.

Try Firefox or Chrome for your web browsing needs and you’ll be able to continue making those Amazon purchases without worry.

- Dylan Love
