Security research company last week announced it had discovered a flaw in Apple's local password protected iTunes backups in iOS 10 that reportedly weakened password security. Apple has now acknowledged the flaw and has confirmed that it is working on a fix.
An Apple spokesperson in a statement to Forbes said, "We're aware of an issue that affects the encryption strength for backups of devices on iOS 10 when backing up to iTunes on the Mac or PC. We are addressing this issue in an upcoming security update." The Cupertino-based giant again stressed that the flaw "does not affect iCloud backups." In the meanwhile, Apple has recommended users to "ensure strong passwords on their Mac or PC."
"We recommend users ensure their Mac or PC are protected with strong passwords and can only be accessed by authorized users. Additional security is also available with FileVault whole disk encryption," added the spokesperson. Unfortunately, the company has not revealed an exact timeline for the update.
The security research firm ElcomSoft claimed that the security flaw can let attackers develop a new attack that can bypass certain security checks when tallying passwords protecting local backups in iOS 10 devices. "The impact of this security weakness is severe," claimed the firm. It also said that the new security check in iOS 10 was roughly "2,500 times weaker" compared to the one used in iOS 9 backups.
It's worth mentioning that the flaw discovered cannot be exploited remotely and needed the attacker to have access of the local backups in iOS 10.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.