The Business Takeaways from Apple's SSL Fiasco


If your company hasn’t updated its iOS devices and Apple computers over the last month, you need to drop everything and make that happen. News of Apple’s extreme SSL vulnerability rippled across the Internet throughout late February.

Developers, tech experts, and media figures implored consumers and business users to update their mobile devices to iOS version 7.0.6, which included the critical fix for the SSL bug.

According to Apple Insider, the adoption rates for this software update hit 13 percent within the first two days of the update release. Incidents like these illuminate several key points that companies and IT departments need to learn when it comes to securing their in-house, loaner, and BYOD technology.

Technology affected

Essentially, security professionals uncovered two extreme flaws in Apple products: the “goto fail” bug in both the iOS and OS X platforms, which run on Apple mobile devices and computers respectively. Security professionals who wrote and warned users about this bug attempted to conceal certain key points about the flaw, in order to prevent would-be attackers from exploiting the vulnerability before a patch was released by Apple.

The flaw is known as the “goto fail” bug because of a slight typo in the system code, which causes the software to skip a key piece of verification. That extra “goto fail” line represented a hidden snake in the operating system, which posed a threat to users who logged onto secure websites while on untrusted networks, such as public Wi-Fi.
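The control-flow mistake described above, as an added illustration that is not Apple's source code: a constructed verification routine in which a duplicated `goto fail;` skips the final signature check, shown next to a corrected version. The function names and the stand-in hash and signature steps are hypothetical.

```c
#include <stdio.h>

/* Constructed stand-in for a hashing step; nonzero return means error. */
static int hash_update(unsigned *h, const char *data) {
    if (data == NULL) return -1;
    for (; *data; data++) *h = *h * 31u + (unsigned char)*data;
    return 0;
}

/* Hypothetical check: the signature is valid only if it equals the hash. */
static int check_signature(unsigned h, unsigned sig) {
    return h == sig ? 0 : -1;
}

/* Flawed pattern: the extra "goto fail" is not governed by any if. */
int verify_flawed(const char *params, unsigned sig) {
    int err;
    unsigned h = 7;
    if ((err = hash_update(&h, "client_random")) != 0)
        goto fail;
    if ((err = hash_update(&h, params)) != 0)
        goto fail;
    /* Duplicated line: always taken, and err is still 0 at this point. */
    goto fail;
    err = check_signature(h, sig);   /* never reached */
fail:
    return err;                      /* 0 is treated as "verified" */
}

/* Corrected pattern: braces on every branch, failure as the default. */
int verify_fixed(const char *params, unsigned sig) {
    int err = -1;
    unsigned h = 7;
    if (hash_update(&h, "client_random") != 0) { goto done; }
    if (hash_update(&h, params) != 0) { goto done; }
    err = check_signature(h, sig);
done:
    return err;
}

int main(void) {
    unsigned h = 7;
    hash_update(&h, "client_random");
    hash_update(&h, "server_params");
    /* Constructed input: h + 1 is a signature that cannot match. */
    printf("flawed: %d\n", verify_flawed("server_params", h + 1u));
    printf("fixed:  %d\n", verify_fixed("server_params", h + 1u));
    return 0;
}
```

Clang's `-Wunreachable-code` reports the skipped check in `verify_flawed` at build time.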

The most terrifying aspect of this error is that it has been affecting Apple mobile devices ever since the release of iOS 6 in September 2012.

The news is equally dire for businesses that rely on the native and third-party apps in OS X, especially if your company has remote or telecommuting workers who complete tasks at a distance from your secure office networks. Security experts suspect that Mac apps such as Safari, Twitter, FaceTime, iMessage, and other integral system apps were open to the vulnerability.

Threats to businesses

The flaw affects users’ SSL certificate security: the protocols we rely on when we log on to secure services such as social media, bank accounts, and work-related systems. This opens users up to sniffing, aka man-in-the-middle (MITM) attacks.

Imagine an employee who goes to pick up some coffee outside the office and jumps onto the café's Wi-Fi to check something on the company’s cloud computing system. A malicious attacker who’s connected to the same network has an opportunity to intercept critical data, such as usernames and passwords, before it can securely reach the website. This is the process known as “sniffing.”

How companies can minimize risk

The first thing to note about this flaw is that it wasn’t anything new; it’s a code error that has existed for more than a year. IT education is paramount: The people who maintain your office technology need to be in the loop about breaking news so they can respond appropriately.

The second element to focus on is scheduled maintenance and updates. It’s possible that many users had no idea about this vulnerability until Apple released the latest updates, which described the vulnerability in their notes.

Scheduled system and software updates can help protect companies against current attacks.

The third way companies can minimize damage is to leverage Mobile Device Management software for tablets and smartphones. IT departments can enforce key security practices, such as complex unlock passwords, network settings, and “open in-app” settings, which can significantly reduce risk even in the face of the “goto fail” bug.

Apple’s recent SSL controversy might have been a rude wake-up call for many businesses. It highlighted the very real need for regular IT updates, management, and security protocols.

No system is infallible; just a few characters of code can mean the difference between a secure and a breached work system. Company leaders can minimize risk through continued IT training, scheduled maintenance, and device management software.

Edited by Cassandra Tucker