AD
元器件交易网讯 2月26日消息,据路透社报道,苹果公司已修复其Mac电脑上会使黑客截获电子邮件数据的安全漏洞,并且为几天前曝光的小故障打了补丁。所有的苹果用户现在都可以打这个安全补丁。
该漏洞能够使攻击者访问移动用户不安全的网络诸如提供无线服务的咖啡馆。攻击者能够查看或修改用户和受保护的网站之间联系,如谷歌公司的Gmail或Facebook。专家说能够访问电信运营商数据的政府也可以利用这个漏洞。
此漏洞产生与协议被执行的方式,以及苹果软件如何识别网站为建立加密连接而应用的数字证书有关。
研究人员表示,该漏洞可能已经存在了好几个月。苹果公司并没有表示何时获悉在SSL层上iOS中处理会话方式存在漏洞,也没有表示这个安全漏洞是否已被攻击者利用。
苹果公司发言人拒绝对此事发表评论。(元器件交易网 白玉涛译)
以下为外文:
Apple Inc has issued fixes for a security flaw in its Macintosh computers that allows hackers to intercept data such as email, patching a major and embarrassing glitch that came to light several days ago.
The security update for users of Apple"s OS X computer operating software follows a fix issued for iPhones last week, meaning all Apple device users now have access to the patch.
The flaw allowed attackers with access to a mobile user"s network, such as a shared unsecured wireless service offered by a cafe, to see or alter exchanges between the user and protected sites such as Google Inc"s Gmail or Facebook.
Governments with access to telecom carrier data could do the same, experts said.
On Tuesday, Apple said in a statement that the Mac security update also improved features such as its FaceTime videoconferencing service and email.
The flaw appeared related to the way in which well-understood protocols were implemented, and how Apple"s software recognizes digital certificates used by websites to establish encrypted connections.
Researchers have said the bug could have been present for months. Apple has not said when or how it learned about the flaw in the way iOS handles sessions, in what are known as secure sockets layer (SSL) or transport layer security. Nor has it said whether the flaw was being exploited.
A spokesman for the company declined to comment on Tuesday.
