Apple issues fix to reported OS X security hole

The flaw could have enabled hackers to impersonate a website and intercept and capture data en route

Continue reading the main story

Related Stories

• Apple shares plunge on flat earnings
• Security flaws found in Apple's iOS7 Watch

Apple has issued a fix to a flaw in its OS X operating system which previously left users vulnerable to security breaches while browsing online.

A software update was released last week to iPhone, iPad and iPod owners to protect users from "an attacker" who may "capture or modify data".

It was later discovered that the problem also existed on Apple laptops and desktop computers running OS X.

On Tuesday, Apple issue a security fix through its software update service.

The problem was first spotted on Apple's mobile devices which run the iOS 7 operating system. It related to the way secure connections are made between Apple's safari browser and websites, including banking sites, Google and Facebook.

These sites have digital security certificates that allow an encrypted connection to be established between a user's computer and the website. This means any data that is sent over the connection should be secure.

Dropped the ball

However, a vulnerability in the code for Apple's iOS and OS X operating systems meant the security certificates were not being checked properly. This meant hackers could impersonate a website and capture the data that was being sent over the connection before letting it continue its journey to the real website.

A security fix has already been issued for users of iPads, iPhones and iPods

Apple released a fix for mobile devices running iOS 7 last week but a spokesperson issued the following statement about OS X: "We are aware of this issue and already have a software fix that will be released very soon."

The fix was released on Tuesday.

According to researchers the security flaw had existed for months but no-one had reported it publicly.

Graham Cluley, a security analyst, said it was a failing by the company that it had not been identified earlier.

"It's pretty bad what Apple have done, they've seriously dropped the ball. How much the problem has been exploited is hard to say. Hackers may now be trying to take advantage while users wait for the security fix."