Friday 2/21/2014, Apple released security update iOS 7.0.6 for its iPhone, iPad and iPod devices to fix a vulnerability which allowed an attacker to capture and modify secure web traffic from the devices. Yeah, not good.
OS 7.0.6
Data Security
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
CVE-ID
CVE-2014-1266
The update is available from your device via Settings –> General –> Software Update on iPhone 4 and later, iPod Touch (5th Gen) and iPad 2 or later. Apple also released iOS 6.1.6 for the iPhone 3GS and iPod touch (4th Gen) devices. So if you still have a device make sure to get it updated as well.
So… are you updated yet?
It’s also worth noting that Apple sill hasn’t fixed the SSL security hole in OS X. But check out our article: How to Protect Yourself from the SSL Security Hole in OS X.
2 Comments
Leave a Reply
Leave a Reply
Brian Burgess
Nope. I jailbroke, waiting to see when a new jailbreak version comes out. Actually, I am sure Evasi0n will work. that is usually the most up-to-date:
https://www.groovypost.com/howto/jailbreak-ios-7-iphone-ipad-evasion7/
Tenika
I haven’t updated either because my phone is jailbroken too. Are you saying you think you can update and then use Evasi0n 7 and rejailbreak successfully or that the Evasi0n 7 jailbreak already takes care of the security hole?