Apple Releases iOS 7.0.6 Update to Patch Gaping SSL Security Hole
If you own an iOS device, there's a security update you should be aware of. As Apple explains it, without the patch "an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS." This means if you're connected to an unsecured network, an attacker can peek at the data being sent back and forth between services like Facebook.
Straight to the point, the primary problem is that unpatched Apple devices fail to validate the authenticity of connections. The patch makes things right again by "restoring missing validation steps," Apple states in a support document.
It's not clear how Apple became aware of the issue and whether or not it knows of any cases where an attacker has taken advantage of the vulnerability. However, SSL is commonly used to transfer sensitive data, including payment information, so without the patch a hacker can spoof a legitimate website like a banking institution.
The patch is available for iPhone 4 and later, iPod touch (5th generation), and iPad 2 and later devices.
Straight to the point, the primary problem is that unpatched Apple devices fail to validate the authenticity of connections. The patch makes things right again by "restoring missing validation steps," Apple states in a support document.
It's not clear how Apple became aware of the issue and whether or not it knows of any cases where an attacker has taken advantage of the vulnerability. However, SSL is commonly used to transfer sensitive data, including payment information, so without the patch a hacker can spoof a legitimate website like a banking institution.
The patch is available for iPhone 4 and later, iPod touch (5th generation), and iPad 2 and later devices.
