As we await iOS 7.1‘s public release – currently expected to drop mid-March – Apple has tonight released yet another small, but notable, ‘point’ update for its iOS 7 operating system.
The update addresses issues found with how the mobile OS verifies SSL connections.
iOS 7.0.6 was pushed out to Apple’s update servers just after 10AM PST, tonight. The update is classed as a “Security Fix” relating to how iOS 7 intrepets (and verifies) when a user is connecting to the internet via a Secure Sockets Layer.
What Is SSL?
Secure Sockets Layer (SSL), is a cryptographic protocol which is designed to provide communication security over the Internet. It generally tends to take advantage of X.509 certificates, and asymmetric cryptography, to assure the other party with whom users are communicating. This process is also sometimes used to exchange what’s called a “symmetric key.”
This session key is then used to encrypt data flowing between two parties, thus allowing for both data and message confidentiality, alongside message authentication codes for message integrity – and, as a by-product, message authentication.
The update is available to the public both via the software’s over-the-air feature, for those who happen to already be running a previous version of iOS 7, or alternatively – can be downloaded directly via iTunes through the “Check for Updates” mechanism, and then side-loaded onto your device(s) using a cord.
UPDATE: What’s New
Here’s the official description for the update:
Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later.
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS,
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
/ Image Credit: MR