e
ernard
Feb 25, 2014

How serious of a threat is the security flaw found in iOS 7?

I heard a short story on the news this weekend about a security vulnerability that was found in iOS 7. How serious of a threat is it, and how long has it existed?

jimlynch
02/25/2014
If you have an iOS device, I'd update it right now. It's better to be safe than sorry.

http://support.apple.com/kb/HT6147

"iOS 7.0.6

Data Security

Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps."
kreiley
02/25/2014

It’s worth updating immediately. The flaw exposes you to potential man in the middle attacks, by skipping validation checks when SSL/TLS connections are being established. As Apple puts, it: "An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. ... This issue was addressed by restoring missing validation steps."

 

Oh, and it’s been around since September 2012, apparently, since iOS 6 is also being patched. To see if your device is vulnerable, you can test it out at https://gotofail.com

Answer this