iPhone "Gotofail" Safari Security Flaw Extends To Mail, Calendar, Other Apps
A couple of days ago, iPhone users may have been alerted about a software update that was newly available. The updated software, iOS 7.0.6, came with one line of description: “This security update provides a fix for SSL connection verification.”
While carrying out a software update can be cumbersome and is often pushed aside by users, this particular update provides an important remedy to a major security flaw in Apple’s devices.
According to Forbes, the update fixes a bug in the software code that makes the majority of Apple’s applications easily susceptible to eavesdroppers and hijackers. iOS users on a public WiFi network could easily tap into and/or control various apps due to Apple's improper implementation of SSL encryption prior to the update, Wired reports.
The fiasco is being referred to as “gotofail” by the online tech security community because the security flaw was exposed simply by Apple developers improperly using a “goto” command in the software’s code. The developers accidentally typed two subsequent lines of the string “goto fail” in the wrong spot of code, which essentially causes programs such as Safari to bypass online authentication checks. Although the coding language is difficult to understand, the actual mistake was as simple as a single typo.
Although Apple’s most recent software update provided a fix for its Safari web browser, other applications may still be at risk. Private tech researchers and security experts have been investigating the situation and claim that third-party apps such as Twitter might also be affected by the security flaw.
Apple is reportedly investigating the situation, but users should continue to watch for software updates. Additionally, you can check whether you should be concerned at gotofail.com, a website designed to alert users whether or not they are at risk as a result of the exposed security flaw.