Apple is scrambling to fix a security flaw described by one expert as being "as bad as you can imagine".
A failure in checks on the validity of a website’s security (SSL) certificate means hackers could potentially pose as a trusted site and intercept or modify data.
A fix, iOS 7.0.6, has already been released for iPhones and iPads and Apple are now developing one for its Mac OS X computer operating system.
Johns Hopkins University cryptography professor Matthew Green, told Reuters: "It's as bad as you could imagine, that's all I can say."
The flaw was discovered by security firm Crowdstrike and has been confirmed by Apple.
A statement on Apple's website said understatedly that the flaw meant software "failed to validate the authenticity of the connection".
Some experts are urging Mac users to exercise caution until the bugs are sorted.
Adam Langley, a senior software engineer at Google, said: "This sort of subtle bug deep in the code is a nightmare.
"I believe that it's just a mistake and I feel very bad for whomever might have slipped in an editor and created it."