On Friday, Apple
(NASDAQ:AAPL) acknowledged a so-called "man in the middle" security vulnerability for iPhones and iPads. The flaw allows hackers the ability to to intercept any encrypted data from an iPhone user while their phones are connected to public Wi-Fi networks. Threatened data includes emails, login credentials, and credit card information. According to a report from The Guardian
this morning, the security flaw also affects Mac computers running Mac OS X. Apple has released a patch for iPhones and iPads, but says the update for Macs is coming soon.
Here are four steps to take to make sure that you keep yourself and your data as secure as possible.
Assess Your Vulnerability
Go online to gotofail.com on all your Internet-connected Apple devices. If you're all good, you'll get a green message. If you're on a current iOS device, you'll receive a message urging you to update to iOS 7.0.6. If you're on your Mac computer, you'll get either a yellow message, telling you your browser is safe but that certain apps aren't, or you'll get a red message, urging you to patch your browser.
Update iOS and Your Browser
If you are using an iOS 7 iPhone or iPad, connect it to your computer, open iTunes, open the tab for your iPhone or iPad, and click the button to update to iOS 7.0.6. Alternatively, and without having to connect to a computer, go to "Settings," then "General," then "Software Update" to get the fixed software.
For iOS devices running iOS 6 that cannot be updated to iOS 7 (iPhone 3GS or earlier versions; iPod Touch 4G or earlier), you can update to iOS 6.1.6.
For iOS devices running iOS 6 that can update to iOS 7 (iPhone 4 or later versions, iPad 2 or later), you have to update to iOS 7 or else remain vulnerable.
For your Mac, if you're running Mac OS X 8.1 (Mountain Lion) or earlier, you are fine. If you're using a newer Mac with OS X 10.9 (Mavericks), do not use Safari for any secure transactions or to visit any secure websites until an update is released. In the meantime, use Mozilla Firefox or Google
(NASDAQ:GOOG) Chrome. Because these browsers use their own code for connecting to secure websites, the Apple breach does not affect them.
Assess What Data May Have Been Compromised
Did you log in to your bank account while your phone was compromised? Did you log in to your email account? It might not be a bad idea to change credentials on all accounts that may have been open to a hacker.
The Readiness Is All
Apple announced this latest security flaw last Friday. I didn't know about it until Monday when my editor mentioned it to me. Obviously, it would have been better for my security had I updated my phone's software on Friday and not after work on Monday. It is not a bad idea to stay current on the state of Apple security. One way you can do this is to plug your phone into your computer every day to charge it and check for any new updates. Another way is to check daily on your phone itself, under Settings > General > Software Update.
Finally, you can sign up for a mailing list
with Apple that will send you updates on iOS and OS X security issues and fixes.
For more details on this latest flaw in Apple's security, read the detailed story from The Guardian
I mentioned above.
Former Apple Inc. Exec Explains Why the iPhone 5C Flopped
4 Reasons WhatsApp May Be 'Worth More' Than $19 Billion to Facebook
A Glass Half Empty at Groupon, Half Full at Priceline
Follow me on Twitter: @JoshWolonick and @Minyanville
No positions in stocks mentioned.