Monday, February 24, 2014

iOS 7 Security Bug

In case you haven't heard, there is a pretty bad security bug present in iOS 7.  They urge everyone to update as soon as possible, otherwise you are at risk of your data being intercepted on public WiFi networks.  Go into Settings, General, Software Update and install 7.0.6 to get the fix.

The good news is that even if you have a Jailbroken device, you can still update.  evasi0n updated their Jailbreak to support 7.0.6.  Woot woot! All you have to do is backup your phone via iTunes, click Restore within iTunes, then re-jailbreak. 

Certain Macs appear to be vulnerable as well.  See below for full details from TechCrunch

On Friday Apple announced a fix to a security bug in its iOS 7 system. Saturday  Web security experts have parsed the patch to figure out what exactly the problem was… And apparently it’s a doozy.

Wired has all of the gory details:

“[The] terse description in Apple’s announcement yesterday had some of the internet’s top crypto experts wondering aloud about the exact nature of the bug. Then, as they began learning the details privately, they retreated into what might be described as stunned silence. “Ok, I know what the Apple bug is,” tweeted Matthew Green, a cryptography professor at Johns Hopkins. “And it is bad. Really bad.”

The culprit of what may be one of Apple’s biggest security snafus is an extra “goto” in one part of the authentication code, Wired reported. That spurious line of code bypasses the rest of the authentication protocols.

The bug could could allow hackers to intercept email and other communications that are meant to be encrypted, according to a Reuters report which was issued late on Friday night.

Meanwhile, ZDNet notes that macs may have been left vulnerable.
[Update: Apple spokesperson Trudy Muller sent us this comment about the continuing vulnerability in macs. "We are aware of this issue and already have a software fix that will be released very soon." (i.e. iOS 6 and 7 have been patched, OS X 1.9 is the first version to exhibit the vulnerability and is not currently patched, but will be soon. Until then, don't connect to any public wifi with your OS X 10.9 Macs.)]

As ZDNet’s contributing editor Larry Seltzer wrote:
Make no mistake about it, this is a very serious bug. The bug makes it fairly straightforward to intercept and decrypt SSL/TLS communications, probably the most important security protocol there is today.


2 comments :

Crystal said...

I tried to update - not enough memory darn it! I need to delete some stuff! Thanks for the heads up!

Chris said...

My wife said the same thing. My phone is always full with pics as well. Stupid iPhones, need an external memory card slot! :o)

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes