Hackers and thieves in “a frenzy” over Apple’s iOS flaw


by Joe Curtis| 24 February 2014

The vulnerability leaves iPhone and iPad users at risk of man-in-the-middle attacks.

Companies cannot rely on device-centric security, an expert claimed after a major flaw was uncovered in Apple's iPhones and iPads.

The tech giant announced a patch for the flaw on Friday, after revealing that iPhones and iPads were all at risk of having their email and other encrypted comms intercepted.

The flaw was caused by a fault in the way Apple implemented communication encryption protocols into iOS6 and iOS7.

It means that if a cyber criminal can access the same WiFi service as an Apple device user, then they could see and alter exchanges between the user and protected sites.

Seth Hallem, the CEO of secure HTML 5 app dev platform Mobile Helix, who also sold his security testing firm Coverity to Synopsys for $375m, said companies must not rely on the likes of Apple to provide security.

"This flaw should act as a wakeup call to corporate," Hallem claimed. "[It] is probably sending hackers and thieves into a frenzy right now.

"They simply can't go on trusting their security to device vendors such as Apple. There will always be vulnerabilities to operating systems and devices, that's why it's imperative that organisations implement data, rather than device centred security."

Apple has recommended all iPhone, iPad and iPod users to install its software patches to fix the flaw.

Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

717 people like this.
1539 people follow this.

Security Intelligence

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.