A patch to iOS (7.0.6 and 6.1.6) yesterday revealed a deep-seated security flaw within both iOS and Mavericks (OS X 10.9 and 10.9.1). You can read about the flaw here and here, but what it comes down to is a typo by one of the Apple engineers.


What it means for you is that all secure communications, like when you sign onto your banking site through Safari, or check your mail using Mail.app, could have been compromised by an attacker.

Note that I said “could” and not “was”. I haven’t heard reports that this flaw has been exploited in the real world, but now that the cat’s out of the bag, someone may try.

From what I can see, this flaw won’t directly lead to an attacker gaining access to your password, but rather fool your browser into thinking it has reached a legitimate site instead of a close copy set up by the miscreant. Of course, once you think you’ve reached your bank, for example, you will probably enter your password and any other information it requests.

Bottom line: Update your iOS device to the latest version as soon as you can. Update your desktop as soon as there is something available, or use Firefox or Chrome (both unaffected) when signing on to a secure site, especially on a public network.

You can confirm the flaw by using this link. If you can see that page, your browser is not performing the correct security check and is affected by the flaw.

[Written by Kem Tekinay]