If you’re using an iPhone or Mac running OS X Mavericks, immediately run a software update. Apple’s iOS and OS X platforms received updates on Friday and Tuesday, respectively, fixing a security hole that left millions vulnerable to hackers after sensitive personal information.
The issue was in the way Apple handled securely transmitting data over the Internet using SSL. SSL (Secure Sockets Layer) and TSL (Transport Layer Security) are both cryptography protocols that protect information like usernames and passwords and prevent hackers from spying on your browser’s activity.
When viewing banking or email accounts you may see a lock in your browser’s URL bar, indicating your data is private and protected by these encryption systems.
The security hole allowed hackers on the same Wi-Fi network to potentially view unencrypted data and personal information. The flaw originates from a faulty line of code in Apple’s SecureTransport method of verifying the legitimacy of a site’s SSL certificate.
On Friday a patch was released for iOS devices, fixing the security hole affecting millions of users, but was still present on Apple’s OS X-powered machines running Mavericks, the company’s latest operating system.
Researcher Ashkan Soltani discovered the bug affected any Mac app that used the SecureTransport security protocol, including Twitter and Apple’s Mail app. “For example, when your Calendar or Mail.app synced to Gmail,” Soltani wrote, “those communications were vulnerable to eavesdroppers on the network as a result of this error.”
Want to make sure your iOS device or Mac is protected from this security exploit? You can update your iOS device using iTunes or the Settings app on your phone. On your Mac, you can click Software Update in the Apple menu.