Apple is reportedly working on a fix for that SSL security hole in OS X. Apple has fixed the bug for iOS, but its desktop operating system is still vulnerable. While it sounds scary (and it can be if someone gains access to your system), you’re not in as much danger as you may think. Below are a few tips you can follow to help protect your computer and your data from unauthorized intruders making use of the man-in-the-middle attack.
Avoid Public and Untrusted Networks
The Apple vulnerability requires the attacker to be on the same network / WiFi router to intercept your sensitive data such as passwords and more. Fortunately, that limits who can exploit this vulnerability. In other words, if you’re worried about this exploit, avoid using public networks until Apple issues a fix and you update your machine. If you have to use a public network, there are a couple of precautions you can take.
Don’t Use Public Networks for Anything Important
If you’re going to browse around the internet while on a public network, avoid doing anything that may involve sharing sensitive information.
- Don’t check your bank account.
- Don’t log into anything that you wouldn’t want anyone else logging into.
In fact, even before this vulnerability was a concern, (and even after it’s patched) logging into bank accounts is something I’d strongly advise against even if you force SSL with your browser.
Try a Different Browser
You will want to avoid using Apple’s Safari for now if you’re on a public network. We’ve read around, and it seems that Chrome and Firefox are safe bets for now, especially Firefox. You can check your browser here. That site/testing tool will tell you if you’re vulnerable on your current browser.
Force SSL for all Websites w/Chrome and Firefox
Security is all about layers as nothing is 100%. With that said, use browser plugins and extensions to enforce SSL for as many websites as possible, all the time.
When’s a Fix Coming?
Apple needs to fix the vulnerability, but there’s no word on when that will happen. We’ll just have to wait for the Cupertino folks to roll out an update. At least there’s a way to cover yourself for now.