Apple releases iOS 7.0.6, fixes major SSL bug

On February 24, 2014


The guys at Apple sure have been busy this past week. When they released an update to iOS 7, we had no idea just how important this update really was.

According to a support document, Apple has uncovered a major security flaw in iOS 7, and this update should have fixed it. The document says Apple patched a specific vulnerability that could allow an attacker with a “privileged network position” to capture or modify data protected by SSL/TLS. This pretty much means that iOS has been vulnerable to attackers on the network intercepting or altering connections that were supposed to be secure.

Apparently this is also a problem for OS X; however, Apple has yet to release an update. A spokesperson told Reuters that Apple is aware of the problem and is working hard to fix it.

Here is the full text from the Apple support document:

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see “How to use the Apple Product Security PGP Key.”

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see “Apple Security Updates”.

iOS 7.0.6

  • Data Security

    Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later

    Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

    Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

    CVE-ID