IT Alert - New security flaw affects multiple Apple devices
Last Friday, Apple announced a serious security flaw that affects all iPhones, iPads, and iPod devices running iOS 6 or 7, and desktops or laptops running OS X Mavericks (10.9 or 10.9.1). The flaw allows an attacker to intercept data transmissions, and steal your information. Examples of applications that are impacted: Safari, Mail, Messages, Twitter, Calendar, and FaceTime. The TTU IT Division recommends updating your iPhone, iPad, and iPod touch (Settings > General > Software Update) and OS X Mavericks (Apple menu > Software Update) now.
Until these updates are applied, do not use public Wi-Fi networks (Hotels, coffee shops, restaurants, etc.; note that TTUnet Wi-Fi is not impacted by this security flaw). In addition, Apple recommends that customers using Apple desktops and laptops use either Firefox or Chrome browsers instead of Safari until your system is updated.
In order to protect your system, the TTU IT Division recommends the following Safe Computing Practices:
- Avoid visiting unknown or untrusted websites, or clicking on advertisements or search engine results;
- Do not click on links contained within an email unless you are certain of the sender's identity and expecting the information;
- Do not open email attachments unless you are certain of the sender's identity and expecting the information. Delete and do not reply to any of these emails;
- Update your desktop, laptop, and/or mobile device anti-virus software; and
- Keep current on critical system updates:
- Windows Users: http://update.microsoft.com
- Mac Users: Use Software Update in System Preferences
As a reminder, TTU IT Security Policies indicate:
- Mobile computing devices are generally not secure and inherently at risk for data loss. As such, Texas Tech University confidential or sensitive information should not be stored on a mobile computing device.
- In the event that there is a justifiable business need to store and/or transfer confidential or sensitive information to a mobile computing device, appropriate security measures must be implemented that protect the data at rest on the device and in transit to and from the device, and that prevent unauthorized access to the device. These measures include the use of encryption at rest and in transit, and the use of a strong password for access to the device. See the Mobile Device Encryption Standard and Using data protection and encryption for specific standards and guidelines.
For questions or further assistance, please contact IT Help Central.