On Friday, Apple issued what seemed at first to be a run-of-the-mill security update. According to the update’s initial documentation, the patch was supposed to “provide a fix for SSL connection verification.” But when Apple posted the patch’s security information to its website, the company revealed that the fix was for something quite serious: Without the patch, “an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” That was hardly run-of-the-mill.
The next time your friends, family, or coworkers tell you that Apple has been hacked or if they ask you what’s going on, send them this article by Macworld. A few of the authors on the site put together some nice tidbits of information explaining what the SSL bug is, what’s vulnerable, and what you can do to secure your communications online. Update your iOS devices if you haven’t already, and use an alternate web browser on your Mac until a patch can be downloaded.