As most of you have heard, a significant security bug was announced on Friday affecting Apple’s desktop (OS X 10.9) and mobile (iOS 6 & 7) operating systems. This bug allows an attacker to intercept secure/encrypted traffic without detection (what is known as a “man-in-the-middle” attack).
In order for this attack to work, the attacker most likely needs to be on the same wifi network as the victim. Because most home and work wifi networks are secure, you are only vulnerable while connected to public/open networks.
Here are 3 important tips for dealing with this exploit:
1) Avoid public wifi networks
This is good advice in general. Public wifi networks, while convenient, are inherently insecure. If you routinely use public wifi for your work, you should look into investing in a mobile hotspot. Rely on your mobile broadband as much as possible
2) Apply the iOS update
Please agree to any updates for your iPhone or iPad. You can also manually apply the update by… a) Clicking on Settings b) Select General c) Select Software Update d) Click Install Update
3) Apply the OS X update
The security flaw affects the use of Safari and a few other apps (Mail, Calendar, iBooks) on Macs running the latest version of OS X (Mavericks 10.9). Apple has released a fix and it should be installed via the App Store.
If you want to test if you have the bug, click on this link. If you CANNOT open the page, you don’t have the bug.