TRENDING ON ONEINDIA
- 4 Army Personnel, Including Major Martyred In Encounter With JeM Terrorists In Pulwama, J&K
- West Indies Batsman Chris Gayle To Retire From ODIs After World Cup
- The First-Ever Maruti 800 Delivered To Customer Gets Restored After 26 Years
- Apple Might Launch RED Variants Of iPhone XS And XS Max
- Earn Interest Of Upto 9% On These Bank Deposits
- Jageshwar — The Himalayan Town With 100 Ancient Temples
- Ranveer Reacts To Will Smith’s Praise For Gully Boy!
- Anavila Misra On Slow Fashion And Her Latest Travel-inspired Collection
Here's some serious security concern for all those of you currently owning an Apple-made iPhone or iPad. According to reports, a major flaw in Apple's iOS operating system for mobile devices could allow hackers to compromise email and other personal data that are meant to be encrypted, the company acknowledged in a Friday afternoon announcement.
While Apple recognized the problem in its software for mobile devices and major threat it poses to all its users, the company did not mention when or how it recognized the flaw - which is in the way iOS handles sessions in what are known as secure sockets layer or transport layer security. The company also didn't say whether the flaw was being exploited.
"It's as bad as you could imagine, that's all I can say," said Johns Hopkins University cryptography professor Matthew Green.
Without the fix, a hacker could easily fake a protected site and start pulling the strings as email or financial data goes between the user and the real site, Green added.
Now, as it stands, if attackers have access to a user's network, which can be done by sharing the same unsecured wireless service offered by a open network area such as a restaurant, they could easily view or alter exchanges between the user and protected sites such as Gmail and Facebook, experts said.
And although the problem seems like a pretty big one with users' personal information and other encrypted data hanging in the balance, Apple own statement to address the problem didn't help the issue. The company wrote that the software "failed to validate the authenticity of the connection."
More on this is expected to arrive shortly.