Apple’s OS X security hole affects slew of apps, researcher claims

By Trevor Mogg Published February 24, 2014

hackers russia steal 1 billion usernames passwords security — Image used with permission by copyright holder

It looks as if it’s going to be a busy start to the week for Apple’s security team, with more bad news surfacing in connection with a recently publicized ‘gotofail’ vulnerability in its mobile and desktop operating systems.

The tech firm on Friday rolled out an urgent fix for iDevices running iOS 7 after it was discovered it was possible for hackers to obtain a user’s data via a shared Wi-Fi network. Shortly after, it emerged the Safari browser on Mac computers was also affected, with Apple promising to roll out a fix soon.

Recommended Videos

The situation could be more serious than first feared, however, as a privacy researcher is claiming the bug affects a whole bunch of OS X applications, among them Mail, Twitter, FaceTime, iMessage, iBooks, and even Apple’s software update mechanism, Forbes reported Sunday.

Washington, DC-based Ashkan Soltani posted the list of vulnerable programs on Twitter, which, if accurate, means a hacker could potentially “capture or modify data in sessions protected by SSL/TLS” – in other words, data passing between a computer and servers over a shared network, such as public Wi-Fi, could be intercepted. The advice is to avoid using a Mac computer on such public Wi-Fi networks until Apple rolls out the fix for OS X.

Here are some of the apps which rely on the vulnerable Apple #gotofail SSL library beyond Safari /cc @a_greenberg pic.twitter.com/ombDOOa01A

— ashkan soltani (@ashk4n) February 23, 2014

The bug, which first came to light three days ago, has been dubbed ‘gotofail’ because of the single erroneously used ‘goto’ command in the tech giant’s code that caused it. Many in the security community have been puzzled by the apparent simplicity of the error, leading some conspiracy-oriented members to wonder if the code was a calculated move to create a backdoor for spy agencies. Apple, however, has always said it has never enabled backdoor access into any of its products.

Soltani, who describes himself as “an independent researcher and consultant focused on privacy, security, and behavioral economics,” has previously worked on behalf of the Washington Post, helping to analyze documents leaked by Edward Snowden.

[Image: Maksim Kabakou / Shutterstock]

Topics

Apple
Apple

Contributing Editor

Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…

Computing

Here’s why WWDC could be a ‘critical event’ for Apple

Apple is planning a packed line-up for its Worldwide Developers Conference (WWDC) on June 5, which could become “one of the most critical events in the company’s history.” Aside from the company’s upcoming Reality Pro headset, there will be major updates to Apple’s software systems, including the biggest watchOS revamp since the Apple Watch launched in 2015.

That’s according to a new report from Bloomberg journalist Mark Gurman, who has a history of accurate predictions and leaks surrounding Apple products. It suggests that WWDC will be a chance for Apple to set out its future ambitions for a “post-iPhone era.”

Computing

This major Apple bug could let hackers steal your photos and wipe your device

A physical lock placed on a keyboard to represent a locked keyboard.

Apple’s macOS and iOS are often considered to be more secure than their rivals, but that doesn’t make them invulnerable. One security team recently proved that by showing how hackers could exploit Apple’s systems to access your messages, location data, and photos -- and even wipe your device entirely.

The discoveries were published on the blog of security research firm Trellix, and will be of major concern to iOS and macOS users alike, since the vulnerabilities can be exploited on both operating systems. Trellix explains that Apple patched the exploits in macOS 13.2 and iOS 16.3, which were released in January 2023, so you should update your devices as soon as you can.

Computing

Why Apple’s foldable MacBook could be the Mac’s iPhone X moment

A concept visual of a foldable screen MacBook Folio.

These days, it seems every company and their dog is developing a folding device and trying to convince people it will be the next big thing. Now, Apple is apparently jumping on the bandwagon and is poised to unveil a MacBook with a 20-inch folding display in 2026 or 2027. If it goes well, this could be an even more seismic shift for the Mac than the transition to Apple silicon chips.

In fact, I’m thinking that a laptop with a folding screen could be the Mac’s iPhone X moment -- a product that completely resets an entire product lineup, not just for Apple, but for the entire industry. That means there’s a huge amount at stake.