SSL/TLS Vulnerability on iOS Patched

Apple has released its long awaited sixth update to iOS, designed to patch a hole in the way their SSL and TSL security worked on the iPhone, iPod Touch, and iPad.

According to the engineers in Cupertino, iOS 7.0.5 and 6.1.5 are currently vulnerable to standard man-in-the-middle attacks that could be launched against their operating system and used to record any data transmitted to or from a targeted device.

Apple confirmed with the press that the issue has been patched up completely, and as of today the update was released for iOS 7 and 6 in every region where the company currently operates.

“Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
CVE-ID: CVE-2014-1266”

This fix comes on the eve of the much anticipated 7.1 update, which represents the first major overhaul for iOS7 since it first launched last fall. If rumors are to be believed, we should expect the overhaul to hit the airwaves sometime around mid-March.

Apple was characteristically tight-lipped about the exact parameters under which the phone or tablet needed to operate in order to make itself vulnerable, which has led some to believe that unlike normal bugs which usually require a certain app to be running or program to launch, this problem could have been affecting the entire device without any special restrictions to prevent it from becoming operational.

The size of the patch ranges from 16 to 35mb depending on the device you’re using and current version, and is available to download now from the Software Update tab inside your Settings application.