iOS 7.0.6 patch quietly released to fix SSL authentication vulnerability

Apple has released an update for iOS 7, dubbed iOS 7.0.6. While it was quietly done by the iPhone maker, the patch addresses an SSL connection issue that may make users vulnerable to hacking.

The company rolled out the iOS 7.0.6 for users of iPhone 4 and later iterations, fifth generation iPod touch, and iPad 2 and the tablet's newer siblings. The company did not issue any statement about the importance of the update but with SSL authentication vulnerability listed as the issue, it will be best for iDevice users to install the latest software update, the sixth since releasing the latest mobile operating system.

Apple does not normally discuss or disclose security issues or fixes as they may further make end-users more vulnerable. However, the information on the support page for the said update hints of the possible implications without the update.

"An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS," the support page stated.

"Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps," it added.

For those who might not be familiar, Secure Sockets Layer or SSL is a basic encryption form when connecting to the Internet. It serves like a cloak so no one can see what one is doing over the Web. Without SSL, a person in the same network who has the know how can easily siphon sensitive data such as online banking credentials, credit card information, email account passwords, among others. Such hacks are known in the technology world as man-in-the-middle attacks.

Without the update, the iDevice user can unknowingly be attacked especially in shady, public Internet connections. The attacker can be camouflaged as a trusted network and intercept data between the gadget and the target server. Of course, modifying the data in transit can also be done, giving cybercriminals full control of one's Apple device.

The SSL authentication vulnerability is apparently not just affecting the iOS platform. Security firm CrowdStrike revealed that the OS X also has the same weak point.

Apple has not released an updare for the OS X vulnerability but it is expected to be out very soon.

CrowdStrike stated that software update mechanisms can also be exploited unless proper signature verification is properly employed.

"Update your Apple devices and systems as soon as possible to the latest available versions. Do not use untrusted networks (especially WiFi) while traveling, until you can update the devices from a trusted network. On unpatched mobile and laptop devices, set "Ask to Join Networks" setting to OFF, which will prevent them from showing prompts to connect to untrusted networks," Alex Radocea, senior engineer at CrowdStrike, wrote.

A mid-cycle software update that will push several bug fixes is expected for the iOS 7 this March.

Along with the iOS 7.0.6, Apple also released update 6.1.6 for the fourth generation iPod touch and the iPhone 3GS.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics