Brown University

Patches now available for iPhone, iPad & OSX devices

Patches are now available for the security flaws in iPhone, iPad, AND OSX devices. Last Friday Apple released iOS 7.0.6 to address a security flaw and provided these details on that fix:

iOS 7.0.6 | Data Security | CVE-2014-1266

Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

Since this flaw is easily exploitable, ISG recommends that you upgrade to 7.0.6 as soon as you can. It is an unfortunate reminder that Apple products can be vulnerable and its users need to stay current with all security patches.

The same flaw existed in desktop and laptop computers powered by its OS X operating system. The OS X Update 10.9.2 is now available, which includes the security fix.

Related Links:
Apple's Security Update page: http://support.apple.com/kb/HT1222
About the security content of iOS 7.0.6:  http://support.apple.com/kb/HT6147
About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001:  http://support.apple.com/kb/HT6150
SANS Internet Storm Center: https://isc.sans.edu/forums/diary/IOS+SSL+vulnerability+also+present+in+OS+X/17702
Brian Krebs blog post: http://krebsonsecurity.com/2014/02/ios-update-quashes-dangerous-ssl-bug/