Said bug left millions of iOS device owners exposed to man-in-the-middle attacks.


Apple recently released iOS 7.0.6 out of the blue. It's an incremental update that in no way overshadows the much-awaited iOS 7.1 update. The changelog said that this security update provided a fix for SSL connection verification, but it didn’t go into many details about the implications of this gaping security hole. Some of the top cryptography experts hinted at just how bad the situation was prior to the fix; as cryptography professor Matthew Green of Johns Hopkins wrote on Twitter, “It is bad. Really Bad.”

The update only patches the vulnerability on the iPhone 4 and later, the 5th generation iPod touch, and all iPads from the 2nd generation iPad onward. Basically, the exploit would let anyone with a certificate signed by a “trusted CA” perform a man-in-the-middle attack, allowing them to siphon crucial communications such as login credentials and emails by exploiting the major SSL vulnerability that existed in iOS. The exploit has also been patched on two older devices, the iPhone 3GS and the iPod touch 4G, through iOS 6.1.6.

It goes without saying that all iOS users with a compatible device shouldn’t waste any time in updating to iOS 7.0.6. So far, it is not known how long this exploit has existed in iOS.

Source: TechCrunch

