Apple developing security fix for Mac after iOS patch

Apple said yesterday it was developing a security fix for its Mac OS X computer operating system after it released a patch for its iPhones and iPads to foil hacker attacks.

The company issued its security update for the iOS 7 mobile operating system on Friday, saying that "an attacker with a privileged network position may capture or modify data" in a browsing session.

According to security experts, the same problem could affect people using Mac desktop or notebook computers.

According to an Apple spokesman who spoke to AFP, when asked about the Mac OS vulnerability, the company was aware of the issue and already had a software fix that would be released very soon.

AFP quoted security researcher Graham Cluley as saying it was "really important that you update your iPhones and iPads as quickly as possible."

According to Cluley, Apple's iOS update fixed a critical vulnerability that could allow hackers to intercept what should have been secure communications between users' iPhone and SSL-protected websites, which meant  potentially, online attackers could grab one's user ID or passwords users attempted to log into popular websites.

Security firm Crowdstrike first broke the news of the flaw in a blog post Friday.

Meanwhile, Molly Wood said in a New York Times blog that in a nutshell, Apple had a security hole in both its mobile and desktop operating systems that could allow a malicious hacker to intercept what a user might have thought was a secure web transaction if they were on a public Wi-Fi network like those at a coffee shop, airport or some other location.

She said that the vulnerability affected SSL/TLS, or Secure Socket Layer and Transport Layer Security and these were the two technologies that supposedly encrypted the conversation between users' browser and the server they were trying to access when they visited a website.

These are represented by an ''https'' rather than ''http'' in users' browser's URL bar, and they were supposed to mean users had got a secure browsing session in effect.

She added that due to the bug, it was possible users did not have the security. According to her, the problem lay in validating the security certificates that were sent back and forth when users were establishing a secure connection.

Thanks to this flaw, users' browser would not be able to verify the authenticity of an encryption certificate, meaning someone could easily be pretending to be one's bank's website, one's doctor's office site or a credit card application form.