Apple has confirmed that the vulnerability also exists on OS X and that it will roll out a fix “very soon.”


Word about this serious SSL/TLS encryption issue first broke yesterday when Apple released iOS 7.0.6 and iOS 6.1.6 out of the blue just to plug the hole. Top cryptography experts didn’t reveal much, but some of them hinted that it was imperative to understand the gravity of the situation caused by this vulnerability. Basically, any attacker with a certificate signed by a “trusted CA” could perform a man-in-the-middle attack and thus intercept and edit crucial information such as emails and login credentials.

While the incremental iOS updates released yesterday take care of the vulnerability as far as Apple’s mobile devices are concerned, the company confirms that the same vulnerability also exists on Mac OS X. In a statement provided to Reuters, Apple has confirmed that it’s working on a fix which will be released “very soon.” People have been pointing fingers at Apple for shipping software with such a gaping security vulnerability, but Google engineer Adam Langley, who deals with similar programming issues at the internet search giant, writes on his personal blog that this flaw might not have caught anyone’s attention until the software was elaborately tested. “I believe that it’s just a mistake,” Langley said.

It is unclear how far back this vulnerability goes, so it can’t be said for sure how long users have been open to attacks that leverage it. It goes without saying that Mac users should download the update as soon as Apple releases it. Until then, it would be in their best interests to at least avoid using their computers on public Wi-Fi networks, now that the vulnerability is common knowledge.

Source: Reuters