NEW YORK (MainStreet) - On Friday Apple dropped a frightening bomb that could explode in the hands of many millions of iPhone, iPad, and iPod Touch users. A flaw, baked into the latest mobile operating system iOS 7, potentially could give a hacker plain visibility into your email and other messages you otherwise had reason to believe were transmitted in an encrypted (Secure Sockets Layer) format.
Guess what: that SSL interface apparently had failed in this iOS version.
It gets worse: Apple also said a similar vulnerability exists in its OS X operating system for desktop and laptop computers.
Apple on Friday issued a patch for its mobile iOS flaw. The OS X patch has yet to be released.
Questions explode: how much risk have you incurred? What do you need to do now? Should you download - and trust - the patch?
According to CrowdStrike, a security company that has blogged extensively about this iOS vulnerability, in a worst-case scenario a criminal could exploit that flaw and literally take control of a victim's device.
How did this happen? How did Apple fumble security so grievously? Pierluigi Stella, chief security officer at security company Network Box USA, said that the flaw is "the fruit of what appears to be a gross programming oversight. Apple themselves admit that the issue is caused by a 'failure to validate the authenticity of the connection.' Wow Apple; where were you when this code was being written?"
As for your personal vulnerability, do note: this flaw kicks in only if an attacker has control of the same transmission network you are using (typically WiFi, although some researchers say the same access could be gotten by a criminal who has control over a cellular data network). In practical terms, this means if you have used public WiFi - at a coffee shop, in an airport, at a hotel, in a university cafeteria - you may have had data intercepted and an attacker may have gotten significant visibility into your device.