Apple Users: Did the Recent “Gotofail” Bug Put Your Data At Risk?

March 2014: If you’re an Apple user, hopefully you’ve heard about the recent major security problem affecting iPhones, iPads, Mac computers and other Apple devices and have already downloaded the patches (if not, we’ll tell you how).

But now that the immediate scare is over, should you be worried about what might have happened to your personal data while the security gate was open? Here’s what all Apple-using frogs need to know:

What, exactly, was the problem?
A line of code deep in the system had been allowing “man-in-the-middle” hackers to capture, hijack or modify information as it was being transferred between devices. Normal security processes that include “signature verification” and encryption of data while en route (called SSL and TLS) weren’t working properly because of the faulty code. Hackers could have also built fake websites that mimic legitimate websites — like your bank’s — and you and your devices would never have known the difference.

Which apps were affected?
Safari, Mail, Calendar, Twitter, iMessage, Facetime, Keynote, iBooks and others, including Apple’s own software update process.

What’s the likelihood that my accounts or personal information have been compromised?

Not very high. There haven’t been reports of major attacks and, despite some speculation, it’s very doubtful the NSA could have used this vulnerability to collect information because the collector would have to be in WiFi distance from your computer. But the coffee-shop hacker is not a conspiracy theory — it’s real. Make sure to update your devices (see below) because you, smart frog, know that hackers jumped all over this vulnerability the moment the news broke.

Has the problem been fixed?
Yes. Here is the Apple Security Update page. See below for update instructions.

How long had it been a problem?
Reports conflict. Some say 18 months; others say just a few months. When it comes to OS X, only 10.9 and 10.9.1 (Mavericks) were affected. Details are still unclear about how the bug was discovered.

How do I test my Mac to see if it’s safe?

Go to the test site while using Safari. If you see this message, hop on that update!

gotofail2Why is it called “Gotofail”?
Because the whole problem revolved around a single “goto” command in the code.

What should I do if something like this happens again?
It depends on the bug but in general always take these precautions:

  • Don’t use public WiFi. If you must, make sure it’s one that requires a password.
  • Keep your iPhone and iPad WiFi settings on “Ask To Join Networks” so you don’t automatically join untrusted networks as you move around.
  • Change your passwords every few months.

How do I update my devices?
As with all operating system updates, make sure to back up your device first!

  • Apple mobile device (iOS) users: Go to Settings > General > Software Update. If you have an older device and no available update is listed, your device is not affected by the bug.
  • Apple laptop and computer (OS X) users: Go to the App Store and choose the App Updates tab. Updated operating systems include OS X Mavericks v10.9 and 10.9.1, OS X Lion v10.7.5 and OS X Mountain Lion v10.8.5. The new OS X Mavericks 10.9.2 includes the necessary Safari security patches and has other upgrades in addition to the security patches.
  • Apple TV Users: If your device is not set to update automatically, update it by going to Settings > General > Software Update.
You may also be interested in: