Apple issues fix for security risk

  @gregorywallace February 23, 2014: 6:12 PM ET

iPhones are among the Apple devices vulnerable to this breach, experts say.

NEW YORK (CNNMoney)

Security experts say Apple has patched a hole that could have exposed sensitive information to hackers.

If the hole were left unfixed, hackers could potentially read private communications sent over Apple devices: emails, instant messages, social media posts and even online bank transactions.

But experts say it's unlikely any hackers did, since the vulnerability was first disclosed when Apple (AAPL, Fortune 500) released a security patch over the weekend.

The patch fixes the issue in the most recent software available for iPhones, iPads and iPod Touches.

A fix is not yet available for the OS X software, the operating system for Apple computers.

Without the patch, a hacker could be what experts call a man-in-the-middle -- it's like a game of Telephone you don't even know you're playing.

"Alice wants to communicate securely with Bob," explained Nathan Sportsman, a mobile security expert and CEO of Praetorian. But Eve, a hacker, uses this vulnerability to put herself between the two. "Now Alice is talking to Eve and Eve is talking to Bob," he explained. Alice and Bob think they're talking to each other privately.

This lets hackers view the communications, such as bank deposits or Facebook (FB, Fortune 500) posts. If hackers intercept a username and password, they could return to your account later and cause more damage, Sportsman said.


Hackers can also modify the transmission, said Dmitri Alperovitch, the chief technology officer at the security firm CrowdStrike.

For the most part, Alperovitch said, the hacking ability is limited to people who are on the same network as the hacker -- such as in a coffee shop or on an airplane.

He said Apple users should make sure their device is updated with the newly issued software before next connecting to a public wireless network. He recommended owners of Apple computers wait until an update is available before using them on a public network.

And if you're already tapped into an insecure network, sign off, then perform the update, Alperovitch said. Otherwise hackers could corrupt the update as it travels to your phone.


