Posted by: David Harley | February 22, 2014

Major iOS 7.0.6 update

[Further update (23rd February): commentary and advice from Stephen Cobb at ESET, who also looks at the issues for OS X users – OS X has the same vulnerability and hasn’t been patched yet. Safari users might consider using Chrome or Firefox for the moment. He also includes a link to Crowdstrike’s blog which I intended to include here before, but it slipped my mind (my bad!) And John Gruber has thoughts On the Timing of iOS’s SSL Vulnerability and Apple’s ‘Addition’ to the NSA’s PRISM Program further to an earlier article on Apple’s SSL/TLS Bug.]

[Update: good commentary from Graham Cluley here.]

Provides a fix for SSL connection verification. Needs iPad 2 or later, iPhone 4 or later, iPod 5th gen.

Apple’s minimal security info here.

CVE-2014-1266 refers.

Seems to be fairly urgent according to The Register and ZDnet. (HT to Graham Cluley re that ZDnet link.)

David Harley
Small Blue-Green World

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: