Apple’s security flaw – an isolated incident?

The news of the security flaw in Apple’s SSL/TLS implementation was reported in the Globe and Mail’s Report on Business today (Feb. 27) and in many other publications over the past few days.

A few nuggets of information:  it’s been there for 18 months, it has affected multiple products, it was caused by a single line of code that was buggy, it was only exploitable if you had access to the wireless network that was being used (such as free WiFi in a coffee shop), and a fix was very easy to produce (and has been sent out to customers already).

Sum total:  a rapid and effective response to the discovery, but also some dubious checking and testing of the original software.  The fact that it occurred resulted in the article headline including “fears of a damaged brand.”

This brings a few questions to mind:

  • Has Apple’s popularity gotten to the point where hacking it’s software is worth the effort?
  • How easy is it to miss this type of error during the testing process?  Is it even possible to actually test every possible flaw?
  • What happens to people who don’t download software updates very often?
  • What about older devices that may not be current (such as my Apple iPad V1 and iPod Nano)?
  • How much should a company like Apple say to people when this type of problem is detected?  Is silence golden?
  • Should this type of issue really affect the company and its stock?  Would people look for these flaws simply to take advantage of the stock market changes it might cause?
  • Given the control Apple has over its ecosystem, if this type of problem can still happen, then what does it say about other platforms?

It certainly does beg the question – how serious is this type of problem really?  Is this something we will always have to live with?  What happens when the Internet of Things arrives and our refrigerators and toasters end up with software glitches?  What might happen in SaaS-based cloud systems when we are generally assuming the service provider has done all the testing that is needed?

These are just a few of my thoughts.  What do you think?

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Don Sheppard
Don Sheppard
I'm a IT management consultant. I began my career in railways and banks after which I took up the consulting challenge! I try to keep in touch with a lot of different I&IT topics but I'm usually working in areas that involve service management and procurement. I'm into developing ISO standards, current in the area of cloud computing (ISO JTC1/SC38). I'm also starting to get more interested in networking history, so I guess I'm starting to look backwards as well as forwards! My homepage is but I am found more here.

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight