Apple Inc said on Saturday that it would issue a software update “very soon” to cut off the ability of spies and hackers to grab e-mail, financial information and other sensitive data from Mac computers.
Confirming researchers’ findings late on Friday that a major security flaw in iPhones and iPads also appears in notebook and desktop machines running Mac OS X, Apple spokeswoman Trudy Muller told reporters: “We are aware of this issue and already have a software fix that will be released very soon.”
Apple released a fix on Friday afternoon for the mobile devices running iOS, and most should update automatically.
Once that fix came out, experts dissected it and saw the same fundamental issue in the operating system for Apple’s mainstream computers.
That started a race, as intelligence agencies and criminals will try to write programs that take advantage of the flaw on Macs before Apple pushes out the fix for them.
The flaw is so odd in retrospect that researchers faulted Apple for inadequate testing and some speculated that it had been introduced deliberately, either by a rogue engineer or a spy.
Former US intelligence operatives said that the best “back doors” often look like mistakes.
Muller declined to address the theories.
“It’s as bad as you could imagine, that’s all I can say,” Johns Hopkins University cryptography professor Matthew Green said.
Adam Langley, who deals with similar programming issues as a Google engineer, wrote on his personal blog that the flaw might not have shown up without elaborate testing.
“I believe that it’s just a mistake and I feel very bad for whomever might have slipped,” he wrote.
The problem lies in the way the software recognizes the digital certificates used by banking sites, Google’s Gmail service, Facebook and others to establish encrypted connections.
A single line in the program and an omitted bracket meant that those certificates were not authenticated at all, so that hackers can impersonate the Web site being sought and capture all the electronic traffic before passing it along to the real site.
In addition to intercepting data, hackers could insert malicious web links in real e-mails, winning full control of the target computer.
The intruders do need to have access to the victim’s network, either through a relationship with the telecom carrier or through a WIFI wireless setup common in public places.
Industry veterans warned users to avoid unsecured WI-FI until the software patch is installed.
The bug has been present for months, according to researchers who tested earlier versions of Apple’s software.
No one had publicly reported it before, which means that any knowledge of it was tightly held and that there is a chance it had not been used.
Documents leaked by former US intelligence contractor Edward Snowden showed US agents boasting that they could break into any iPhone, and that had not been public knowledge either.
Apple did not say when or how it learned about the flaw in the way iOS and Mac OS handle sessions in what are known as secure sockets layer or transport layer security. Those are shown to users by the Web site prefix “https” and the symbol of a padlock.
Taiwan Transport and Storage Corp (TTS, 台灣通運倉儲) yesterday unveiled its first electric tractor unit — manufactured by Volvo Trucks — in a ceremony in Taipei, and said the unit would soon be used to transport cement produced by Taiwan Cement Corp (TCC, 台灣水泥). Both TTS and TCC belong to TCC International Holdings Ltd (台泥國際集團). With the electric tractor unit, the Taipei-based cement firm would become the first in Taiwan to use electric vehicles to transport construction materials. TTS chairman Koo Kung-yi (辜公怡), Volvo Trucks vice president of sales and marketing Johan Selven, TCC president Roman Cheng (程耀輝) and Taikoo Motors Group
Among the rows of vibrators, rubber torsos and leather harnesses at a Chinese sex toys exhibition in Shanghai this weekend, the beginnings of an artificial intelligence (AI)-driven shift in the industry quietly pulsed. China manufactures about 70 percent of the world’s sex toys, most of it the “hardware” on display at the fair — whether that be technicolor tentacled dildos or hyper-realistic personalized silicone dolls. Yet smart toys have been rising in popularity for some time. Many major European and US brands already offer tech-enhanced products that can enable long-distance love, monitor well-being and even bring people one step closer to
RECORD-BREAKING: TSMC’s net profit last quarter beat market expectations by expanding 8.9% and it was the best first-quarter profit in the chipmaker’s history Taiwan Semiconductor Manufacturing Co (TSMC, 台積電), which counts Nvidia Corp as a key customer, yesterday said that artificial intelligence (AI) server chip revenue is set to more than double this year from last year amid rising demand. The chipmaker expects the growth momentum to continue in the next five years with an annual compound growth rate of 50 percent, TSMC chief executive officer C.C. Wei (魏哲家) told investors yesterday. By 2028, AI chips’ contribution to revenue would climb to about 20 percent from a percentage in the low teens, Wei said. “Almost all the AI innovators are working with TSMC to address the
Malaysia’s leader yesterday announced plans to build a massive semiconductor design park, aiming to boost the Southeast Asian nation’s role in the global chip industry. A prominent player in the semiconductor industry for decades, Malaysia accounts for an estimated 13 percent of global back-end manufacturing, according to German tech giant Bosch. Now it wants to go beyond production and emerge as a chip design powerhouse too, Malaysian Prime Minister Anwar Ibrahim said. “I am pleased to announce the largest IC (integrated circuit) Design Park in Southeast Asia, that will house world-class anchor tenants and collaborate with global companies such as Arm [Holdings PLC],”