What exactly should I be doing to protect my iPhone and MacBook from the new security problems? — Jan
Answer: Apple users should be mindful of various security flaws discovered with two major security holes in iPhones, iPads and one for any computer running the Mac OS X.
A programming bug that was traced back to a change 18 months ago essentially exposed Mac and iOS users to what’s known as the “Man in the Middle” attack while accessing websites.
A lack of proper security certification has been providing Apple users with a false sense of security when accessing what appears to be verified secure websites.
We’ve all been told to look for sites that start with HTTPS:// whenever we’re working with sensitive information, because this represents a secure site.
Security is verified by an industry standard process whenever you’re browser visits a site, but the bug in the Apple programming didn’t properly certify the sites which could allow someone to create a fake bank website that passed you to the real website without being detected.
The “Man in the Middle” could then silently monitor the transmissions between you and whatever website you were working with because your device never actually performed all the security steps.
You can quickly test your Apple device or computer for this flaw by going to https://gotofail.com.
Apple users aren’t used to “urgent updates” like Windows users are, but this one is about as urgent as anything that I’ve ever seen from the Microsoft camp.
iPhone and iPad users should immediately update to the latest version of iOS (7.0.6) by going to “Settings,” “General,” “Software Update” and tapping “Install Now.” It’s always best to do iOS updates when you are plugged into power and connected via Wi-Fi.
Mac OS X users should see an “App Updates Available alert” notification appear in the upper-right corner of their screen and it should not be ignored.
You can also manually update by clicking on the Apple menu and clicking on the “Software Update” option.
Once you have updated all of your Apple products, as a precaution, I’d highly recommend that you change the passwords or access codes on any online account that you’ve accessed in the last 18 months.
Cyber-thieves use a variety of automated processes to gather sensitive information, so your information could have been compromised a while ago, but sitting in a database somewhere waiting to be sold.
Another recent security flaw surrounding iPhone and iPad apps would allow a malicious app to record every keystroke or touch you make, essentially allowing a remote attacker to monitor everything you do on your phone or tablet.
The case can still be made that using Apple products on the Internet is generally safer, however, assuming that you have nothing to worry about anymore is not a good idea.
• Ken Colburn is president of Data Doctors Computer Services and host of the Data Doctors Radio Program, noon Saturdays on KTAR 92.3 FM or at www.datadoctors.com/radio.