The Business Takeaways from Apple's SSL Fiasco


If your company hasn’t updated its iOS and Apple computers over the last month, you need to drop everything and make that happen. News of Apple’s extreme SSL vulnerability rippled across the Internet throughout late February.

Developers, tech experts, and media figures implored consumers and business users to update their mobile devices to iOS version 7.0.6, which included the critical fix for the SSL bug.

According to Apple Insider, the adoption rates for this software update hit 13 percent within the first two days of the update release. Incidents like these illuminate several key points that companies and IT departments need to learn, when it comes to securing their in-house, loaner, and BYOD technology.

Technology affected

Essentially, security professionals uncovered two extreme flaws in Apple products: the “goto fail” bug in both the iOS and OS X platforms, which run on Apple mobile devices and computers respectively. Security professionals who wrote and warned users about this bug attempted to conceal certain key points about the flaw, in order to prevent would-be attackers from exploiting the vulnerability before a patch was released by Apple.

The flaw is known as the “goto fail” bug because of a slight typo in the system code, which causes the software to skip a key piece of verification. That extra “goto fail” line represented a hidden snake in the operating system, which posed a threat to users who logged onto secure websites while on untrusted networks, such as public Wi-Fi.

The most terrifying aspect of this error is that it has been affecting Apple mobile devices ever since the release of iOS 6 in September 2012.

The news is equally dire for businesses that rely on the native and third-party apps in OS X, especially if your company has remote or telecommuting workers who complete tasks at a distance from your secure office networks. Security experts suspect that Mac apps such as Safari, Twitter, Facetime, iMessage, and other integral system apps were open to the vulnerability.  

Threats to businesses

The flaw affects users’ SSL certificate security: the protocols we rely on when we log on to secure services such as social media, bank accounts, and work-related systems. This opens users up to sniffing, aka man-in-the-middle (MITM) attacks.

Imagine an employee going to pick up some coffee outside the office, and he jumps onto the café's Wi-Fi to check something on the company’s cloud computing system. A malicious attacker who’s connected to the same network has an opportunity to intercept critical data, such usernames and passwords, before it can securely reach the website. This is the process known as “sniffing.”

How companies can minimize risk

The first thing to note about this flaw is that it wasn’t anything new; it’s a code error that has existed for more than a year. IT education is paramount: The people who maintain your office technology need to be in the loop about breaking news so they can respond appropriately.

The second element to focus on is scheduled maintenance and updates. It’s possible that many users had no idea about this vulnerability until Apple released the latest updates, which described the vulnerability in their notes.

Scheduled system and software updates can help protect companies against current attacks.

The third way companies can minimize damage is to leverage Mobile Device Management software for tablets and smartphones. IT departments can enforce key security practices, such as complex unlock passwords, network settings, and “open in-app” settings, which can significantly reduce risk even in the face of the “goto fail” bug.

Apple’s recent SSL controversy might have been a rude wake-up call for many businesses. It highlighted the very real need for regular IT updates, management, and security protocols.

No system is infallible; just a few characters of code can mean the difference between a secure and a breached work system. Company leaders can minimize risk through continued IT training, scheduled maintenance, and device management software.

Edited by Cassandra Tucker
Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More