I'm not going to talk details about the Apple bug except to say the following. It is seriously exploitable and not yet under control.
- Matthew Green (@matthew_d_green) February 21, 2014
Since I was away for the weekend, I wasn't able to do any research into this until today. Fortunately, I came across an excellent article from Gizmodo. In a nutshell, it appears that Apple has released fixes for mobile devices (iPhones and iPads), but you need to go ahead and perform a software update to iOS 7.0.6. Unfortunately, there is no fix yet for Macs. This means if you are operating a Mac computer and using public wifi you should not use Safari as your browser. It is suggested you use Firefox or Chrome.
Even more terrifying is that although this flaw only became widely known in the past several days, it has been there since September 2012. This has resulted in some claims of conspiracy.
As Gizmodo notes:
It doesn't take too much of a stretch of the imagination, though, to draw a few shaky lines between this bug and the NSA's PRISM program. No less an Apple devotee than John Gruber did just that last night, pointing out that the "goto fail;" command first snuck into iOS 6.0, which shipped just a month before Apple was reportedly added to the spy agency's info-snooping PRISM program.
If you want to go full tinfoil hat based on that timing, you're welcome to, but it's highly unlikely that Apple intentionally added this bit of code. It's entirely possible, though, that the NSA found out about it before Apple did, and has been secretly exploiting it for its PRISM purposes.
Kind of reminds me of the iPhone 5NsA mock video from late last year.
Scary stuff. I highly recommend reading the entire Gizmodo article here.
In Liberty,
Michael Krieger