On Friday, Apple released an urgent update to iOS 6 and 7. The only fix in the update is well worth bothering yourself with the update process, and doing it as soon as possible.
The description of the issue, as stated by Apple itself – “an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS”. To put it simply, when you do your online banking or Gmail mailing or Facebook chatting on the public Wi-Fi network (e.g. at the airport or cafe), any skilled guy around can read and modify your data, even though you see that small lock in Safari, indicating that your session is protected with encryption. It’s important to mention that the vulnerability affects almost any application, not only the web browser. No wonder Apple rushed to push this update.
The security community spent this weekend trying to figure out the nature of the vulnerability. A technical analysis is available here, however the most important finding is – that MacOS is affected too. Apple hasn’t released the MacOS patch as of now, but we really expect to see it very soon.
What to do:
- Update all your iPhones, ipods and ipads running iOS 6 and 7. Do it using a trusted, non-open network, e.g. At home.
- Avoid doing anything sensitive, e.g. banking on your iOS devices before you update.
- The same applies to MacOS devices – wait for the update. There are third-party updates already; however, applying this may be risky.
- If you really have to do your banking, use the most trusted networks only and implement additional protection measures – use Google Chrome, plus VPN, plus a reliable anti-virus.