It looks as if it’s going to be a busy start to the week for Apple’s security team, with more bad news surfacing in connection with a recently publicized ‘gotofail’ vulnerability in its mobile and desktop operating systems.
The tech firm on Friday rolled out an urgent fix for iDevices running iOS 7 after it was discovered it was possible for hackers to obtain a user’s data via a shared Wi-Fi network. Shortly after, it emerged the Safari browser on Mac computers was also affected, with Apple promising to roll out a fix soon.
The situation could be more serious than first feared, however, as a privacy researcher is claiming the bug affects a whole bunch of OS X applications, among them Mail, Twitter, FaceTime, iMessage, iBooks, and even Apple’s software update mechanism, Forbes reported Sunday.
Washington, DC-based Ashkan Soltani posted the list of vulnerable programs on Twitter, which, if accurate, means a hacker could potentially “capture or modify data in sessions protected by SSL/TLS” – in other words, data passing between a computer and servers over a shared network, such as public Wi-Fi, could be intercepted. The advice is to avoid using a Mac computer on such public Wi-Fi networks until Apple rolls out the fix for OS X.
— ashkan soltani (@ashk4n) February 23, 2014
The bug, which first came to light three days ago, has been dubbed ‘gotofail’ because of the single erroneously used ‘goto’ command in the tech giant’s code that caused it. Many in the security community have been puzzled by the apparent simplicity of the error, leading some conspiracy-oriented members to wonder if the code was a calculated move to create a backdoor for spy agencies. Apple, however, has always said it has never enabled backdoor access into any of its products.
Soltani, who describes himself as “an independent researcher and consultant focused on privacy, security, and behavioral economics,” has previously worked on behalf of the Washington Post, helping to analyze documents leaked by Edward Snowden.