Apple has recently rolled out a seemingly incremental software update to their mobile operating system. However, iOS 7.0.6 isn’t a typical bug fix we used to seeing in this simple update.
According to the update’s description, the new update fixes the vulnerability on the OS wherein “An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS”.
In layman’s term, prior to this update, hackers are able to bypass the security which allows them to intercept sensitive information like financial data, email and even Tweets and Facebook posts.
A number of cryptographers and coding whizzes have discovered that the flaw is brought by the “goto fail” code which causes some issues with the digital handshake between the user and a secured website or client.
static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
uint8_t *signature, UInt16 signatureLen)
{
OSStatus err;
…if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
goto fail;
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
goto fail;
goto fail;
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
goto fail;
…fail:
SSLFreeBuffer(&signedHashes);
SSLFreeBuffer(&hashCtx);
return err;
}
The latest version of iOS is available for iPhone 4 and later, as well as iPad 2 and above. In case you weren’t automatically prompted about the update, you can manually check for update by going to Settings -> General and select Software Update.
any bugs?im planning to update my iphone 4.but i’ve noticed before when you update iphone 4s to ios7 a lot of bugs came out.