Apple has released an incremental firmware update for its iOS devices to fix an SSL encryption bug that has been the topic of much debate on social media. This bug would let an attacker perform a man-in-the-middle attack. This means that an attacker would be able to intercept and edit important information such as login credentials and emails when they’re sent from iOS devices, provided that the attacker has a certificate from a “trusted CA.” To close this hole, iOS 7.0.6 and 6.1.6 are now available for download.
This is a crucial security vulnerability to say the least, and Apple hasn’t clarified just how long it has existed in iOS. iOS 7.0.6 covers all iPads from the 2nd generation tablet onward, all iPhones from the iPhone 4 onward and the iPod touch 5G. iOS 6.1.6 fixes the vulnerability on the iPod touch 4G and the iPhone 3GS. Apple describes the fix as “restoring missing validation steps,” to ensure that no data in sessions protected by SSL/TLS is intercepted. It is therefore highly recommended that all users with compatible devices immediately download the iOS 7.0.6 or iOS 6.1.6 update. These are incremental updates weighing in at just over 13MB. There is no point in delaying the download, as this vulnerability is quite critical.