Security Issue Addressed in Apple iOS 7.0.6 Update

For those Apple device users out there, especially those who store any kind of sensitive personal or business information on their device (which I’ll venture to say is 100% of users), Apple released a security update to iOS today which includes a significant security fix.

Here’s what Jared Blake, our CTO had to say about the update:

“Apple released an update to iOS today to address a very serious security issue that had been discovered. While there are not a lot of details from Apple on what the issue was, their release notes indicate that there was not appropriate SSL/TLS connection verification happening. What this means is that if a malicious actor was able to get in the middle of an iOS device and the network connection it was trying to make, that connection could be hijacked, even if it was secured with SSL/TLS.

One of the classic vulnerabilities for secure connections is to not fully verify the authenticity of the connection and it appears this is what was happening in iOS. It is another reminder that developers need to be aware of the environment where their app is running and not just assume the OS is going to protect them.”

If you haven’t updated to iOS 7.0.6 yet, we’d highly recommend doing so. Chop-chop!

It’s important to note that this is for the following Apple devices:

  1. iPhone 4 and later
  2. iPod touch (5th generation)
  3. iPad 2 and later

You can read more about the iOS 7.0.6 update here.

Kudos to Apple for the fix. We’re definitely fans of updates and activity that protect mobile device users.

Filed under:

About the Author: Michael Girdley