page 2 of 2
How to Stay Secure
Not every Apple device and computer are affected. The flaw affects iOS devices running iOS 6 and 7 and Mac OS X Mavericks (10.9), as well as 2nd and 3rd generation Apple TVs.
First, download and install the 7.0.6 security update. I have installed it and so far it works well. I haven’t noticed any regressive bugs. Battery life is unaffected. The patch is about 12 MB, so it is only fixing the SSL verification issue. If your device can’t run iOS 7, Apple has made a patch for iOS 6 — 6.1.6. There’s even a patch for Apple TV.
If you have an iOS device that is compatible with iOS 7, but haven’t upgraded, you must upgrade to iOS 7 to patch this vulnerability. The iOS 6.1.6 patch is only offered to devices that cannot upgrade to iOS 7, such as the iPhone 3GS.
You can update your device by tapping Settings > General > Software Update, then follow the on-screen instructions. Make sure your device is plugged in or has sufficient battery life to run the update. The update should take no more than 10 minutes. If you are interested in following the best process for upgrading iOS, read this article. For Apple TV, go to Settings > General > Update Software, then follow the on-screen instructions.
Apple announced that Mac OS X 10.9 Mavericks has the same security flaw, but a patch has not yet been released. The update will be coming soon. In the meantime, be careful about using your Mac on public WiFi networks. Your home and office WiFi network shouldn’t be a problem, unless you have sophisticated hackers in these environments. If that’s the case, you have much bigger concerns!
If you are using a Mac with OS X Mavericks or an affected iOS device, use Chrome or Firefox for your browser. Both browsers use different SSL technologies, so they are unaffected by this issue. I verified that Chrome for iOS is not affected by this issue on an unpatched iPad running iOS 7.0.4:
The vulnerability is evident when using Safari:
The Sky is Not Falling
As with any flaw in Apple products, the media are having a field day. Journalists who don’t understand this issue are misrepresenting it as something that leaves users wide open to hackers. This is not the case. A malicious user needs to have privileged network access to exploit this vulnerability.
Apple flaws are a great way to get eyeballs on websites, however, these Chicken Little exaggerations don’t help the end-user. Whether you have the patch or not, it is extremely unlikely that your device will be compromised.
This security flaw is nothing to be thrilled about, but it is certainly nothing to lose sleep over. In the wake of the Target hacking and revelations about the NSA, it’s amusing to see the Chicken Little “sky is falling” response to this issue. OS X and iOS are still considered to be more secure than most other operating systems.
Any small flaw in Apple products is blown out of proportion. Even with this flaw, there are operating systems with far more vulnerabilities and malware issues. None of these problems make the news. This is the price Apple has to pay for popularity, although Microsoft never seemed to suffer this scrutiny during their heyday.
We can only hope that this flaw will improve Apple’s product quality. Apple has to be much more careful about their code and improve quality assurance. This awareness was gained without putting users at much risk. There are no reports that users were actually compromised by this vulnerability. It is clear, however, that Apple must take security more seriously.