Apple has finally released a security fix through its software update service which closes a security hole in its OS X operating system.
Before the security fix was released, thousands of Apple computers were left vulnerable to a security hole which could have resulted in confidential data dropping into the hands of a hacker.
The vulnerability in the code for the OS X operating system meant that security certificates weren’t being authenticated properly when a secure connection was being made to a website. This meant that hackers could pose as a website and gather the data that was being sent before it was received by the real website.
The security hole was first found on Apple’s mobile devices which run on the iOS operating system and the same problem was then seen with the OS X operating system. A security fix was released for the mobile devices running on the iOS operating system last week but as the fixes weren’t released simultaneously, thousands of Apple computers have been left exposed.
Ryan Lackey who founded CryptoSeal expressed his disappointment with this on Twitter and that whoever made the decision should no longer be employed by Apple.
Lackey stated, “Whoever at Apple decided to wait 4+ days for 10.9.2 to patch the OSX vulnerability needs to no longer be in that position.”
Researchers believe that the security flaw has been present for months but that no one had reported it publicly.
Graham Cluley who is a security analyst believes that Apple has seriously dropped the ball and that there is no telling whether hackers have exploited the security hole.
Cluley stated, “It’s pretty bad what Apple have done, they’ve seriously dropped the ball. How much the problem has been exploited is hard to say. Hackers may now be trying to take advantage while users wait for the security fix.”
Have you applied the security fix? Do you think that security fixes for the OS X and iOS operating systems should have been released simultaneously?