Home > Personal Technology > Apple > iOS 7.0.6 fixes serious SSL encryption bug on iPhone, iPad and iPod touch

iOS 7.0.6 fixes serious SSL encryption bug on iPhone, iPad and iPod touch

Said bug left millions of iOS device owners to man-in-the-middle attacks.

Apple Logo

Apple recently released iOS 7.0.6 out of the blue, its an incremental update that in no way overshadows the much awaited iOS 7.1 update. The changelog said that this security update provided a fix for SSL connection verification, it didn’t go into many details about the implications of this gaping security hole. Some of the top cryptography experts hinted at just how bad the situation was prior to the fix, as cryptography professor Matthew Green of Johns Hopkins wrote on Twitter, “It is bad. Really Bad.”

The update only patches vulnerability in iPhone 4 and later, 5th generation iPod touch and all iPads from the 2nd generation iPad. Basically the exploit would let anyone with a certificate signed by a “trusted CA” to perform a man-in-the-middle attack, allowing them to siphon crucial communications such as login credentials and emails exploiting the major SSL vulnerability that existed in iOS. The exploit has also been patched on two older devices, iPhone 3GS and the iPod touch 4G, through iOS 6.1.6.

Obviously it goes without saying that all iOS users having a compatible device shouldn’t waste any time in updating to iOS 7.0.6. So far it is not known for how long this exploit has existed in iOS.

Source: TechCrunch

Adrian Fonseca
Adrian Fonseca keeps a close eye on all Apple news, rumors, leaks and developments. In his spare time, he likes to read books.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Read previous post:
PC version of ‘Thief’ won’t support AMD’s Mantle on launch

Eidos Montreal has revealed that Thief on PC won't have launch support for AMD's new Mantle API, and instead will...