Apple releases iOS 7.0.6 with security connection fix

Apple releases iOS 7.0.6 with security connection fix

Summary: The latest version of the publicly-available iOS software contains a fix that resolves an SSL verification fix — though, Apple didn't say exactly what the issue actually was.

SHARE:
TOPICS: Apple, iOS, iPhone, iPad
20
ios-upload
(Image: ZDNet)

Apple on Friday released the latest version of its mobile and tablet software, iOS 7.0.6, which contains a fix for an SSL connection issue. 

The Cupertino, Calif.-based technology giant did not, however, explain what the fix related to in exact terms. The flaw was severe enough for Apple to release the update sooner rather than later — even though the next iterative version, dubbed iOS 7.1, and currently in developers' hands, is expected to land on iPhones and iPads in mid-March.

It's also hoped that iOS 7.1, a mid-cycle update which rarely offer new features but fixes bugs and design flaws, will land just six months ahead of when Apple is expected to release iOS 8, the next major version of its mobile software.

Friday's update comes about three weeks after the company released iOS 7.0.5, which was only available to a few China-based devices affected by a network provisioning fix.

Apple also issued an updated version of its older platform, iOS 6.1.6, for iPhone 3GS smartphone and the iPod touch (fourth generation).

Those updating are advised to use a Wi-Fi connection to download the software over-the-air, and ranges from 16MB to about 35MB in size.

Topics: Apple, iOS, iPhone, iPad

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

20 comments
Log in or register to join the discussion
  • Safari crashes

    So will this fix the widespread Safari crash issue?
    Pdawg20
    • Reply to Pdawg20

      It makes no difference to us what they are updating, they are making the software faster, safer, and easier to use. You don't see googggle correcting it's situations like that. This is why Apple is the BEST.
      Androids exist only to make iPhones look FANTASTIC.
      Joedidley
      • Reply to iTard

        Minor updates are released to fix bugs, and it does make difference for all platforms.
        Sean Foley
        • Not all Trolls are the same....

          Unlike SF at least LD is capable of a degree of intelligence.
          5735guy
      • Joe...... No.

        The biggest issue with Safari a software update can't fix.
        Lackaram.
        rhonin
      • Umm, what?

        Have you ever heard of Eclair, Ice Cream Sandwich, Jelly Bean, Kit Kat, Key Lime Pie? Those are all versions of Android OS. And in between, there are updates that fixes issues just the same as Apple products. Being in the Telecommunication industry, I must say that I have witnessed a shift in people leaving their Apple devices for Android ones. I personally use the Samsung Galaxy Note 3 as my phone, however, I use an iPad as my tablet of choice. I once had a Motorola Xoom tablet, but wasn't impressed with it, hence the change to an iOS tablet. There are pros and cons to both platforms, but for a phone choice Android is definitely for me. Back to the point, your comment doesn't make sense, as both OS put out updates to fix issues.
        cell_guru
        • True

          It is true that both Apple and Google produce regular updates. This is one thing that Apple have right though, the updates bypass the carriers and get applied to a large fraction of iPhones within days of release. The process takes much longer with Android.
          DJL64
      • You're a sad person

        So, so sad :(
        NitzMan
      • Oh please...

        I started with an Android tablet, and received an ipad last Christmas. There is NOTHING useful about an ipad at all, other than facetime. It annoys me when people compare android to ipad, which is why I signed up to comment. Ipad doesn't DO anything. Safari DOES hang quite often, no flash, no camera settings, no 'back' button on anything. Camera roll is stupid. I could go on and on about why ipad sucks. If you ever had an android tablet or phone, and you could still say apple is the 'best', then you have serious mental issues. I wold never spend my money for anything apple after using this ipad for a few months.
        lynne22
    • Safari crashes A LOT on iPad Air

      Apple should REALLY fix this.
      Smalahove
      • Really?

        I never tire of fanboys making up stories, to downgrade the cpetition.
        I hate trolls also
        • Well, Safari crashes a A LOT on my iPad Air

          You don't believe me? I'm satisfied with the iPad Air, except for these crashes. Hopefully, this is a software issue that Apple can fix (i.e. a 64-bit Safari / iOS problem).
          Smalahove
          • It's usually a shortage of ram

            They don't have a swap space on ios,

            Be sure to close excess tabs and applications. Failing that reset your settings.

            We have an air, a 2 a mini, 2 5c's a 5 and a 5s in our house. It's not happening here.
            MarknWill
        • I've seen it too on iPad air and ipad2

          It's got to be an iOS7 problem.

          It doesn't crash on a daily basis, but it has happened enough that i remember the issue.
          otaddy
  • Appropriate reticence

    It's appropriate that Apple didn't discuss the specifics of the security vulnerability that 7.0.6 addresses. To do so would be to give information to bad guys who could exploit that vulnerability in devices that are not yet upgraded. Sort of like telling someone where you hid the extra house key, but while you're in the midst of a crowd of people who know where you live.
    charley cross
  • Update was posted

    Update: The full description for the update has gone live on Apple's site. iOS 7.0.4 and 6.1.6 patch a vulnerability where "an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS." The problem was resolved "by restoring missing validation steps.

    http://support.apple.com/kb/HT6147
    RickLively
  • 7.0.6

    jailbreak & bypass icloud http://adf.ly/duSjE
    kcnsonline
  • Wrong

    "....after the company released iOS 7.0.5, which was only available to a few China-based devices..."
    It was available in the UK.
    pianoman1962
  • Stay until 7.1 is out

    In my opinion it isn't worth to update to iOS 7.0.6 until 7.1 is released: http://www.iosappsandhacks.com/ios-7-0-6-is-it-worth-to-update
    danilkos
  • Goto fail;

    Actually, information on the security fix has been announced. It just took some other experts outside of Apple to decrypt the meaning behind the simple statement of, "Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps." In fact, Adam Langley, an expert for web encryption at Google, explained what the issue was pretty expertly. Seems somebody slipped in an extra "goto fail;" in Apple's iOS 7 coding line. In essence, this allows authentication of the Secured Socket Layer of websites regardless of whether the digital signature is correct. A savvy hacker can spoof website certs to make you think you're at a trusted location, when really you're communicating directly with the attacker.

    Potentially, you could think that you're entering in personal information into a "trusted" site, all the while providing it directly to a hacker. So, it might be worth taking a half hour out of your busy schedule to backup an iOS device and update to 7.0.6 if you do any online banking or purchasing on your Apple device.

    Of course, the real question here is was this extra bit of coding deliberate... or was it simply an accident..?
    fhqwhgus