
iOS 7.06 Security Update -- Backup your iDevice first!


an amazing likeness

    Apple quietly released iOS 7.06 late Friday afternoon, fixing a problem in how iOS 7 validates SSL certificates. Attackers can exploit this issue to launch a man-in-the-middle attack and eavesdrop on all user activity, experts warned. "An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS," Apple said in its advisory. Users should update immediately.

     

    Just two words of advice -- #1 is you do want this update quickly, and #2 be sure you've got your iDevice backed up before applying it.

     

    The update bricked 2 of the 3 devices I applied it to today and required a full wipe and reset of the iPad.

     

    MTA: Article on Slate about same issues....

    Acceptable at a dance, invaluable in a shipwreck.

    eric :)


      This is a critical bug.  The update should be installed ASAP.  Without this fix, your iDevices will trust any secure connection without verifying who they are connecting to.  You may think your connection is encrypted, but it's akin to letting someone into your house that claims to be a police officer without checking whether he has a badge.

       

      Also, download the update when you are at home, and not at Starbucks or other public WiFi.  Otherwise, the update you downloaded cannot be trusted.

      zoom-zoom


      rectumdamnnearkilledem

        FTR, I'm not fond of iOS 7.  I loved 5 and 6, but 7 irritates me on a regular basis.  It was flaky on my 4s.  Upgraded to the 5s and the issues are still there.  Biggest annoyance is the proximity sensor's failure a lot of the time, which leads to speakerphone or Facetime triggering at random. /rant

        Getting the wind knocked out of you is the only way to

        remind your lungs how much they like the taste of air.    

             ~ Sarah Kay

        Trent


        Good Bad & The Monkey

          LOVE iOS7. Zoomy is wrong.

          zoom-zoom


          rectumdamnnearkilledem

            LOVE iOS7. Zoomy is wrong.

             

            I'm far from the only one disenchanted with the OS.  A friend who works at an Apple store is also not a fan.  Fortunately my biggest beef is related to phone function and I don't spend a lot of time on actual calls.

            Getting the wind knocked out of you is the only way to

            remind your lungs how much they like the taste of air.    

                 ~ Sarah Kay


            an amazing likeness

              Regardless of your affinity or distaste for iOS 7, this is a major security hole which effectively renders SSL connections as unsecure. You want to get this fixed if you do anything over a public wifi.

              Acceptable at a dance, invaluable in a shipwreck.

              zoom-zoom


              rectumdamnnearkilledem

                I updated my phone without issue.  Tonight to update the iPad.

                Getting the wind knocked out of you is the only way to

                remind your lungs how much they like the taste of air.    

                     ~ Sarah Kay


                tomatolover

                  I've been googling my question, but haven't yet found an answer:  Is this only for iOS 7 users or also 6.1?  I haven't updated my iPhone 4 to 7.0 and haven't gotten any updates from Apple to update 6 for security.

                    I've been googling my question, but haven't yet found an answer:  Is this only for iOS 7 users or also 6.1?  I haven't updated my iPhone 4 to 7.0 and haven't gotten any updates from Apple to update 6 for security.

                     

                    You want update 6.1.6 .... should be available now.

                     

                    It appears the same bug affects OS X. An update is not yet available but should be soon. Stay off public WiFi until you're patched.

                     

                    MTA now we know why the Snowden docs suggested that NSA could compromise any iOS device. Would love to know what Apple finds when it reviews its commit logs.

                    Trent


                    Good Bad & The Monkey

                      a friend who works at an Apple store is also not a fan

                       

                      Hardly a credible source. Working in an Apple store may indicate poor judgement. Apple store employees are notoriously unhappy.

                      eric :)


                        I've been googling my question, but haven't yet found an answer:  Is this only for iOS 7 users or also 6.1?  I haven't updated my iPhone 4 to 7.0 and haven't gotten any updates from Apple to update 6 for security.

                         

                        If the code snippet I saw is true, then this bug could potentially exist in all of Apple's products.  At this time, we don't have information on when this bug was introduced.  Until the problem is fixed, I would avoid going to any website where encryption is desired, even if I am not on a public WiFi such as when I'm at home.

                         

                        Supposedly, Chrome and Firefox are not affected by this problem because they do not rely on this bit of code.  However, the Mozilla Foundation said that you trust but verify.

                         

                        If you are paranoid, then this bug has no easy fix.  Since the connection cannot be secured, you cannot be sure that the patch you downloaded from Apple is truly provided by Apple.  I don't think Apple provides MD5 or SHA hashes of their updates.