According to recent findings from cybersecurity researchers, the way in which Apple encrypts data from numerous applications is flawed, potentially leaving many people and organizations vulnerable to man-in-the-middle attacks and other forms of malware. In the event that a Mac owner has had their machine compromised because of this issue, reboot to restore software will be key to roll back any issue and restore Mac OS back to working order.
The issue rests with the Apple SecureTransport code library, which is responsible for shielding the data used by applications such as Apple Mail, Apple Calendar and Safari, IDG News Service reported. While it affects applications, the vulnerability specifically rests within the operating system and has been found in the latest versions of iOS and OS X.
“Since this is in SecureTransport, it affects iOS from some point prior to 7.0.6 (I confirmed on 7.0.4) and also OS X (confirmed on 10.9.1),” Google software engineer Adam Langley wrote in a recent blog post. “It affects anything that uses SecureTransport, which is most software on those platforms although not Chrome and Firefox, which both use NSS for SSL/TLS. However, that doesn’t mean very much if, say, the software update systems on your machine might be using SecureTransport.”
For Apple users, this vulnerability is especially distressing for a few reasons:
- Because the issue has to do with how vital information is encrypted, it leaves users open to man-in-the-middle attacks, IDG News Service reported. This allows cybercriminals to replace SSL certificates on websites, which means that the encryption standard used by e-commerce sites and online banking establishments is flawed for these users.
- Langley noted that this is a “subtle bug deep in the code,” which is a “nightmare” to address and completely root out.
- Even the mechanism that Apple uses to disseminate software updates and patch bugs is affected by this vulnerability, meaning that the normal steps the company may take to retroactively help its users will likely not work in this instance.
“There are going to be parts of the protocol like the initial ‘handshake’ that rely on TLS, and those will be vulnerable to man-in-the-middle attacks,” said privacy researcher Ashkan Soltani, according to Forbes.
What can Apple owners do to protect themselves?
One of the only options currently available to Apple users is for the company to release a total OS update that addresses this vulnerability once and for all. Apple representatives said that a fix will be released “very soon,” but the extent of the issue and the damage it can yield means that a patch “can’t come soon enough,” Forbes contributor Andy Greenberg wrote.
Instead of waiting on patches and other legacy forms of protection, Apple users can turn to mac restore software. This way, even if a software vulnerability affects the machine, it can be brought back to working order. For organizations like schools, credit unions and utilities that deal with sensitive information, system restore solution is incredibly important for ensuring that mission-critical systems stay online no matter what threats lurk in the wild.