Hackers may steal information from recent iOS and macOS, Cisco Talos warns users
Cybersecurity organisation Cisco Talos has warned users of potential vulnerabilities in recent versions of iOS and macOS. It added that a security flaw may be exploited by hackers to manipulate devices remotely.
The security flaw in question is in the X.509 certificate validation feature present in recent versions of the aforementioned operating systems. These certificates are needed by many internet services such as TLS/SSL, which underpins HTTPS, the protocol for secure web browsing.
Cisco Talos confirmed that the vulnerability is present in macOS Sierra 10.12.3 and iOS 10.2.1. Unfortunately, it is also possible that previous versions of the two operating systems are affected as well.
Talos explained that many people judge "browsing safety" by making sure they are connected to a website through HTTPS, which is shown as a little padlock beside the address bar. However, processes like X.509 certificate validation ensure that the inner workings of websites are secure as well.
In this case, the certificate validation procedure makes sure that a website's "identification" (its certificate) is legitimate. This is because some servers are designed to harm devices that connect to them.
The risk can be triggered by visiting HTTPS websites with browsing applications. Because of a vulnerability in the code, malicious certificates will be allowed.
Australia is no stranger to data breaches, either. In January 2017, thousands of Australian Government officials became part of the billion victims of a massive Yahoo data breach.
According to the ABC, cybersecurity firm InfoArmor said the data from the victims were stolen by hackers from Eastern Europe as early as 2013. The group then sold the accounts to cyber criminals and a suspected intelligence agency for US$300,000 (AU$392,490) each.
As such, users are advised to rely on secure methods such as encryption and virtual private networks (VPN) when working online. According to Apple Support, Apple users can improve their security by using strong passwords.
It is also important to make the security questions associated with the account extremely hard to guess. Two-factor authentication can also help, as this makes a user log in with two sets of codes. One is the original password, while the other is a special verification code that is sent to a trusted mobile number.
According to the Talos Intelligence report, these risks have already been reported to Apple. However, Apple has not yet released a comment on the issue. Regardless, it is likely that the next iOS and macOS update will be able to address the X.509 certificate validation issue.