Apple Reveals Major Security Flaw in Their Operating Systems

Last Friday, Apple revealed that they had discovered a critical security flaw in their software that left iOS users susceptible to “man-in-the-middle” attacks, which would allow hackers to impersonate supposedly secure websites and intercept the supposedly secure information that you were attempting to transmit to them.

Reports indicate that this is only an issue when users share the same unsecured network. As such, if you are transmitting data over an unsecured wifi network, someone could see, intercept or alter data you transmit to various websites. This data could include email communications, passwords and credit card data.

In the statement on their support website revealing the security hole, Apple didn’t say how they found out about the flaw or if it had been exploited. They did say that the problem was a result of the iOS software failing to “validate the authenticity of the connection.” As such, a man-in-the-middle attack was possible since iOS wasn’t concerned if someone other than the targeted website was getting the data.

Over the weekend, Apple issued patches to iOS 6 and iOS 7 to fix this flaw. If you get a notification to download the 6.1.6 or 7.0.6 updates to iOS, you should probably do that since they fix this issue.

The story doesn’t end with the patch, though. Security analysts have examined the iOS patches and believe that the problem isn’t limited to Apple’s iOS devices. There is some concern that the flaw is also present in Apple’s OS X software for Macintosh brand desktops and laptops.

Dmitri Alperovitch, chief technology officer at security firm CrowdStrike, said that the issue wasn’t limited to an iOS flaw but is a result of a “fundamental bug in Apple’s SSL implementation.” SSL is a type of cryptographic protocol that is used to transmit encrypted data securely across the internet. I’m not really sure what that means but it sounds important to get right when designing software.

For their part, Apple hasn’t commented on the possibility of this same flaw being present in OS X.

So, if you have an Apple device, get your updates as soon as possible. Also, be careful when you connect to unsecured networks and don’t transmit any data you would rather not get intercepted.

Source: Reuters


About Steve Murray

Steve is the founder and editor of The Lowdown Blog and et geekera. On The Lowdown Blog, he often writes about motorsports, hockey, politics and pop culture. Over on et geekera, Steve writes about geek interests and lifestyle. Steve is on Twitter at @TheSteveMurray.

Posted on February 24, 2014, in Tech.
