Apple rushed out an update late Friday (early Saturday here in Malaysia) to patch a massive security flaw in its iOS software. The 7.0.6 patch fixes a critical SSL verification flaw in Apple’s mobile and tablet operating systems. There is also a patch to address the same issue on iOS 6 as well as Apple TV, which can only mean that the flaw which protects secure SSL/TLS sessions affects multiple Apple devices.
Apple themselves, in their update details have refrained from outlining the details of the fix – primarily to avoid any kind of malicious exploit from taking advantage of devices which have yet to be patched, but security experts who have studied the fix claim that the problem is widespread and has been around for sometime. The patch for iOS 6 further adds fuel to the claims. Others have brought up the question of whether the same flaw is present in Apple’s popular OSX operating system as well.
SSL/TLS sessions are used to encrypt and verify communications between an end user and a website server. Primarily, this protects business and financial, as well as login information from being intercepted by a 3rd party during transit. An additional line of code found in Apple’s iOS software bypasses the SSL/TLS security protocols and allows an attacker to intercept and manipulate the data for a variety of malicious reasons.
The patch is already available for download now and we recommend updating it as soon as possible if you frequently use your mobile devices to conduct financial transactions and exchange sensitive information online.