Apple has recently rolled out a seemingly incremental software update to its mobile operating system. However, iOS 7.0.6 isn’t the typical bug fix we are used to seeing in such a simple update.
According to the update’s description, the new update fixes a vulnerability in the OS in which “An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS”.
In layman’s terms, prior to this update, hackers were able to bypass this security, which allowed them to intercept sensitive information like financial data, email and even Tweets and Facebook posts.
A number of cryptographers and coding whizzes have discovered that the flaw stems from the “goto fail” code, which causes some issues with the digital handshake between the user and a secured website or client:
    SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                     uint8_t *signature, UInt16 signatureLen)
        ...
        if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
            goto fail;
        if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
            goto fail;
            goto fail;  /* duplicated line: not guarded by the if, always taken with err == 0 */
        if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
            goto fail;
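The control-flow effect of the duplicated "goto fail" line, as an added example that is not Apple's code or part of the original article: a reduced C model showing that the flawed flow reports success for an invalid signature while a corrected flow rejects it. The names hash_step, check_signature, signature_checks, verify_flawed and verify_fixed are hypothetical stand-ins, and the braces in the corrected version are this example's choice.

```c
#include <stdio.h>

/* Silence the compiler's own report of the stray goto so the flawed form builds;
 * GCC and Clang flag it under -Wmisleading-indentation. */
#pragma GCC diagnostic ignored "-Wmisleading-indentation"

/* Hypothetical stand-ins for the hash and signature steps (constructed). */
static int hash_step(void) { return 0; }                 /* hashing succeeds */
static int check_signature(int sig_ok) { return sig_ok ? 0 : -1; }

int signature_checks;   /* how many times the signature check actually ran */

/* Same control flow as the flawed excerpt: the second goto is unconditional. */
int verify_flawed(int sig_ok)
{
    int err;
    if ((err = hash_step()) != 0)
        goto fail;
    if ((err = hash_step()) != 0)
        goto fail;
        goto fail;                      /* always taken while err == 0 */
    if ((err = hash_step()) != 0)
        goto fail;
    signature_checks++;
    err = check_signature(sig_ok);      /* never reached */
fail:
    return err;                         /* 0 means "handshake verified" */
}

/* Duplicate line removed; braces keep a stray statement inside its if. */
int verify_fixed(int sig_ok)
{
    int err;
    if ((err = hash_step()) != 0) { goto fail; }
    if ((err = hash_step()) != 0) { goto fail; }
    if ((err = hash_step()) != 0) { goto fail; }
    signature_checks++;
    err = check_signature(sig_ok);
fail:
    return err;
}

int main(void)
{
    printf("flawed, bad signature: %d\n", verify_flawed(0));
    printf("fixed,  bad signature: %d\n", verify_fixed(0));
    printf("fixed, good signature: %d\n", verify_fixed(1));
    return 0;
}
```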
The latest version of iOS is available for iPhone 4 and later, as well as iPad 2 and above. In case you weren’t automatically prompted about the update, you can manually check for it by going to Settings -> General and selecting Software Update.