iPhone

Devices with the New Apple iOS 7.0.6 Update are Open to Security Attacks and Hackers

By on

 

[wzslider autoplay=”true”]

images (3)

What’s worse than hackers and viruses?

Your device being vulnerable to their attacks. And you could not do a thing about it.

Last Friday, February 21, 2014, Apple rushed the release of iOS 7.0.6 with a patch for a shockingly overlooked SSL (Secure Socket Layer) encryption issue. This endangers iPhone, iPad and Mac computer users open to a man-in-the-middle (MITM) attack. Apple’s software for mobiles, tablets and desktops is not doing its own share of SSL/TLS hostname checking; this means that communication done with these devices that are meant to be encrypted,?are not.?It can also affect all available Apple devices and?allow hackers to intercept and alter communications such as email and login credentials. Hating this news bit so far? So are we.

ios-update-ios-706

Unfortunately, Apple has not released a statement about the matter. This made Apple users angry all over the world because nobody even knows for sure which?iPhone, iPad, iPod touch, or Mac computer is affected by the major, and somewhat shocking, flaw.

Users have taken to ?Twitter their disappointment.

 

“I’m not going to talk details about the Apple bug except to say the following. It is seriously exploitable and not yet under control.”

– Matthew Green, @matthew_d_green

Today’s show was brought to you by Apple, SecureTransport, and the letters SSL. Oh wait, the letters SSL didn’t actually do anything.

-?Dino A. Dai Zovi, @dinodaizovi

So goto fail was added before October 2013. It is in 10.9 but not 10.8.5; and it is in iOS 6.1 and iOS7Ouch. Long time to not support SSL

-?the grugq, @thegrugq

 

It gets worse. The flaw will allow anyone with a certificate signed by a “trusted CA” do a man-in-the-middle (MITM) attack. That is a red flag right there.

ios7_homescreen

A man-in-the-middle attack ?intercepts communication, especially unencrypted passwords, between yourself and the recipient of the message or the website. The attacker will be able to read, insert and modify the data or information you will be sending in the communication process.?Of course, if the hacker has access to your personal data, he/she could also impersonate a trusted website to install malware or steal valuable data from you.

Now, users are just waiting for Apple to do something about this major flaw.

About the author

To Top