Apple recently released a statement about a bug that allowed hackers to intercept encrypted SSL connections and decrypt them, exposing a lot of people’s personal information like their bank account information, credit card numbers and other sorts of information as they surf the internet.
The apparent loophole in the system is possible because the newest versions of iOS and OS X operating systems don’t check the signature in a Transport Layer Security (TLS) exchange message. Not checking the signature allows a third party to intercept the data by spoofing the server DNS, which could give a hacker access to sensitive data if you are using a shared network or a public computer.
Apple has managed to create a fix for the iOS version of this problem, but have yet to announce one for the OS X, but they have announced that there will be a fix for it soon, but haven’t given a date yet.
Until a fix is announced for the computers using the OS X operating system, Apple has announced a few steps you can take to protect yourself.
Don’t use Safari: The Apple browser is currently affected by the problem, and is not safe to browse the internet with Mozilla Firefox and Google Chrome which are unaffected by the problem. If you really want to find out if the browser is safe, you can go to https://gotofail.com/ and run a test on your browser.
Avoid public computers and networks: Until they announce a fix for the OS X operating system, you should avoid using public computers to perform and financial transaction or anything that requires you provide sensitive information. You should also avoid using your computer on a public network, if you do be sure to use a browser that isn’t affected by the bug.
Remember that these measures are only temporary, and Apple is currently working on a fix for the problem.