Macs, iPhones, iPads at risk at public Wi-Fi hotspots

摘要

A security flaw discovered in late February 2014 could allow a hacker to intercept your data when your Mac, iPad or iPhone is connected to an unprotected Wi-Fi hotspot, such as in a coffee shop. Most websites handling sensitive data use SSL or TLS to establish an encrypted connection between the server and computer, preventing unauthorised access to data entered online, including credit-card details and login credentials. If an attacker does manage to intercept the data, they won't be able to read it. However, Apple's validation of SSL encryption had a coding error that bypassed a key validation step in the protocol for secure communications. An extra goto fail command that hadn't been properly closed in the SSL code meant that unencrypted communications sent over unsecured Wi-Fi hotspots could be intercepted and read.