Bad news, ladies and gents: a flaw in Apple's desktop and mobile operating systems allows malicious attackers to see your every move. This defect exposes all of your data to hackers, including Gmail emails, what passcode you're typing into your lockscreen, and which websites you are visiting.
It's a security weakness that shouldn't be taken lightly — so iOS and Mac OS X users need to take every possible precaution, immediately.
Am I affected?
Both iOS and Mac OS X users are affected. Yes, Apple desktop and mobile device users are at risk.
What do I need to do?
Over the weekend, Apple released iOS 7.0.6 which should patch up the connection security bug. iPad, iPhone, and iPod Touch users can update to this version over WiFi by heading to the Settings app > General > Software Update > tap "Install Now." If you can't update to the latest software because your device doesn't have enough memory, take a look at our tips on what to delete now.
For iOS 6 users, install 6.1.6 as soon as possible using the same Settings > General > Software Update process. This update is only available for iPhone 3GS and fourth-generation iPods. The fact that Apple even released an update for iOS 6 is indicative that this bug is major. The company has been hesitant to support iOS 6 to encourage users to adopt its latest operating system, iOS 7.
You can also update using iTunes, by plugging the device into your computer, selecting the device in iTunes, and clicking "Check For Update." Once new software has been detected, hit "Download and Update."
On Tuesday, Apple released a fix for OS X Mavericks users, 10.9.2. This update addresses the security issue and also adds FaceTime Audio support to the FaceTime and Messages apps.
How do I prevent an attack in the future?
Attackers can exploit the security flaw while they are on the same wireless network as you. So avoid unsecured WiFi connections at all costs. That means stay away from cafes and public libraries. If you must, then download an encryption plug-in like HTTPS everywhere or use your own hotspot like the Verizon MiFi.
Security company Crowdstrike recommends setting the "Ask to Join Networks" option in Network Preferences to OFF once you've joined a secure network. This will disable prompts asking you to connect to an untrusted WiFi network.
How exactly does the security flaw expose my data?
OK, let's talk complex tech. The issue involves SSL, which stands for Secure Sockets Layer. SSL encryption is the line of defense between your Mac or iPhone and a server. The tool is supposed to turn your data (your IMs, the emails you'd rather keep private, your online passwords, etc.) into jumbled code before sending it to a server, so it is safe from prying eyes.
In previous versions of iOS and the current version of OS X, a bug makes it easy for an attacker to stand in between your Mac and the server, then read all of the data being sent to the server, without either party thinking anything is wrong. Your Mac or iPhone can not correctly verify the server on the other end, so the device doesn't know if your data is being sent to a secure place. This type of vulnerability is called a "Man-in-the-Middle" attack, and it's very dangerous.
Any questions? We're sure you have a plenty, so leave us a comment below or tweet us at @POPSUGARTech.