Apple updates iOS to 7.0.6/6.1.6 in order to fix SSL vulnerability, Jailbreak is still possible

by Mihai Neacsu on 23 February 2014 · 1872 views

Apple began silently pushing an update for iOS which fixes a critical SSL/TLS vulnerability. The 7.0.6 update is available for iPhone 4 and later, iPod touch (5th generation), iPad 2 and later, while 6.1.6 was released for Apple iPhone 3GS and 4th generation Apple iPod touch devices.

The patch description states:

"Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps."

What this basically mean is that unless you update to 7.0.6 or 6.1.6, your iOS powered devices are vulnerable to a "man in the middle" attack and your personal data is at risk while you are connected to unprotected Wi-Fi networks.

This security hole also affects OS X devices, as discovered by several researchers. If you're looking for specific details, here's the technical explanation on Adam Langley's Blog, a Google engineer. An update for OS X is expected to follow shortly.

What to do now?

Simply update. Go to your iOS device's Settings>General>Software Update and 7.0.6 or 6.1.6 should be there for you to download and install.

If you suspect that you have connected your iOS device to shady WiFi networks since iOS 7 appeared, just to be on the safe side you can change all your personal passwords used on your iOS device, if any.

What about Jailbreak?

The iOS patch does not block the option to Jailbreak phones. @evad3rs confirmed on Twitter that "evasi0n7 with support for iOS 7.0.6 is now live at http://evasi0n.com."