Apple has recently rolled out a seemingly incremental software update to their mobile operating system. However, iOS 7.0.6 isn’t a typical bug fix we used to seeing in this simple update.
In layman’s term, prior to this update, hackers are able to bypass the security which allows them to intercept sensitive information like financial data, email and even Tweets and Facebook posts.
A number of cryptographers and coding whizzes have discovered that the flaw is brought by the “goto fail” code which causes some issues with the digital handshake between the user and a secured website or client.
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
uint8_t *signature, UInt16 signatureLen)
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
The latest version of iOS is available for iPhone 4 and later, as well as iPad 2 and above. In case you weren’t automatically prompted about the update, you can manually check for update by going to Settings -> General and select Software Update.