Apple issues iOS update for major SSL security flaw, OS X still waiting

Apple has rushed an update to plug a security hole associated with SSL encryption.
By Ananth Baliga   |   Feb. 24, 2014 at 11:46 AM   |   Comments

CUPERTINO, Calif., Feb. 24 (UPI) -- Apple on Friday issued iOS 7.0.6, an update for a secure socket layer flaw that could have allowed hackers to intercept emails and other communications.

The update was rushed out the door Friday and will fix the vulnerability, wherein Apple devices were not doing SSL/TLS hostname checking. This left devices vulnerable to Man in the Middle attacks, where communications between your browser and a server can be monitored by an outsider.

The SSL flaw is unexpected and maybe a little embarrassing for Apple, considering that SSL encryption has been around for years. According to reports, it is possible that this glitch could have sneaked in the iOS 6.0 code.

The update is available for the more recent iPhones (4 and later), iPod touch (5th generation) and iPad (2nd generation). Other older devices seem to have been ignored.

Meanwhile security researchers say that Apple computers running OS X could be at a greater risk of such attacks, and remain at risk until Apple issues an update it says to expect "soon."

Until then, Mac OS X users have been advised against using unsecured or public Wi-Fi networks, as the Safari and Mail apps in particular are still vulnerable, and in the meantime to use Chrome or Firefox.

The urgency with which Apple has rushed this update makes it seem like the security hole was major. iOS users can update their devices to the 7.0.6 version and those on older devices, like the 3GS or an old iPod touch, can download iOS 6.1.6.


Follow @antbaliga and @UPI on Twitter.
Contact the Author
© 2014 United Press International, Inc. All Rights Reserved. Any reproduction, republication, redistribution and/or modification of any UPI content is expressly prohibited without UPI's prior written consent.
Recommended UPI Stories
Featured UPI Collection
Celebrity Couples of 2014 [PHOTOS]

Celebrity Couples of 2014 [PHOTOS]

Most Popular
Tony Hayward: Kurdish oil sector open for business Tony Hayward: Kurdish oil sector open for business
Textron's G-CLAW on target in live-fire demonstration Textron's G-CLAW on target in live-fire demonstration
Creator of 'Honey Badger Don't Care' brand sues for trademark infringement Creator of 'Honey Badger Don't Care' brand sues for trademark infringement
Pay up, Gazprom tells Ukraine Pay up, Gazprom tells Ukraine
Starbucks testing smaller Frappuccinos Starbucks testing smaller Frappuccinos
Trending News