
Apple releases iOS 7.0.6 with fix for SSL connection verification, rolls out Apple TV Software...

post #1 of 51
Thread Starter 
Apple on Friday issued a minor update for its mobile operating system, with iOS 7.0.6 fixing an issue with SSL connection verification.

iOS 7.0.6


The new update is available by accessing the Software Update option in the native Settings application on a compatible iPhone, iPad or iPod touch. The security update can also be installed by connecting a device to a Mac or PC and downloading iOS 7.0.6 through iTunes.

The sixth incremental update for iOS 7 arrives less than a month after Apple released iOS 7.0.5, intended to address some network issues associated with the iPhone 5s and iPhone 5c when being used in China.

Still in beta testing is iOS 7.1, of which a fourth pre-release build was supplied to developers last week. The point-one release is more full-featured and is expected to contain numerous tweaks for the iOS 7 platform.

AppleInsider reaffirmed earlier this week that iOS 7.1 is not expected to arrive until mid-March. The point-one release is also believed to include a major overhaul of Apple's Mobile Device Management mass deployment system, and will launch it alongside a totally new "Volume Services" Web client.

Also released on Friday for legacy devices was iOS 6.1.6. It's available for the iPhone 3GS and fourth-generation iPod touch, which cannot run iOS 7.

Update: Apple has subsequently released the corresponding Apple TV Software Update 6.0.2. Classified as a stability and performance update, the download includes general performance and stability improvements, says Apple. Users can update their Apple TV software via the device's Settings menu.
post #2 of 51
It'd be great if Apple would fix the bluetooth keyboard problems that have persisted since 7.0 released. It constantly crashes when using the keyboard, usually when trying to wake it up from sleep while connected.

It's been almost 6 months, and no fix.
post #3 of 51

Just installed this on my 5S and Retina Mini, so have nearly a full work day ahead of me to test this puppy.

 

On a side note, GO CANADA GO!!!

post #4 of 51
Hi, I am Jackass Analyst, working here at Dickhead Financial Holdings, Inc. Due to this underwhelming update, I am recommending investors dump their AAPL holdings. This update proves that Apple doesn't have the creativity and ingenuity needed to survive the Samsung/Android onslaught.

We don't need SSL fixes; we need 3D spatial/facial/retinal epidermal turbo heuristic magical cancer-curing technology in this update.
post #5 of 51

Loved ur comment.. lol

post #6 of 51

I hope this Update fixes other issues too!


Edited by macologist - 2/21/14 at 2:53pm

 

Go  Apple, AAPL!!!

post #7 of 51
Quote:
Originally Posted by AppleInsider View Post

Apple on Friday issued a minor update for its mobile operating system, with iOS 7.0.6 fixing an issue with SSL connection verification.
 
iOS 7.0.6

 

1) The graphic above shows a size of 35.4 MB; the file I downloaded to my 4S weighed in at 1.1GB. Hmmm.

 

2) A couple of hours before I learned about this update, I listened to the 19 Feb episode #443 of Security Now (on the TWiT network) where Steve Gibson described a significant security hole in iOS and Android where apps don't check the certificates used by websites for SSL connections.

 

"What that means is that they're accepting SSL connections and not checking to see if the certificate - they're looking to see if it's valid.  Does the checksum - is that correct?  But they're accepting self-signed certificates.  And it also turns out that online banking apps for mobile devices, which are of course tempting targets for man-in-the-middle attacks, are also falling short.  They're also not checking certificates.  In an analysis that was made, 40% of iOS-based banking apps tested by - and here's the company we talked about earlier, IOActive - are vulnerable to such attacks because they fail - 40% of iOS-based banking apps because they fail to validate the authenticity of SSL certificates presented by the server; 41% of selected Android apps were found to be vulnerable in tests performed at Leibniz University of Hannover and Philipps..."  https://www.grc.com/sn/sn-443.txt

 

I'm guessing Apple found a system-wide solution rather than trying to fix individual apps. If so, that's smart.

"You can't fall off the floor"   From 128k Mac to 8GB MBP

post #8 of 51
Quote:
Originally Posted by macinthe408 View Post

Hi, I am Jackass Analyst, working here at Dickhead Financial Holdings, Inc. Due to this underwhelming update, I am recommending investors dump their AAPL holdings. This update proves that Apple doesn't have the creativity and ingenuity needed to survive the Samsung/Android onslaught.

We don't need SSL fixes; we need 3D spatial/facial/retinal epidermal turbo heuristic magical cancer-curing technology in this update.

This update does actually bring 75% of the recommended daily intake of 3D spatial/facial/retinal epidermal turbo heuristic magical cancer-curing technology.

And is also snappier *.


* Please note that my version of snappier may vary from person to person. Please consult a doctor if unsnappy symptoms persist.
post #9 of 51
LOL @ macinthe408
post #10 of 51

It is GREAT to see Apple providing updates to the 3GS still! How about a Safari update for it as well, along with the QuickTime foundation/iTunes/Music Player? Traditionally Apple has provided these sorts of updates for OS X for years after major new versions have been released...

post #11 of 51

How long has 7.1 been in beta now? Surely it must be ready soon.

post #12 of 51

A few weeks ago I spent hours working with my hosting provider trying to work out why I couldn't get SSL email working. We finally gave up. Could this have been the issue?

Lorin Schultz (formerly V5V)

Audio Engineer

V5V Digital Media, Vancouver, BC Canada

post #13 of 51
Quote:
Originally Posted by Lorin Schultz View Post

A few weeks ago I spent hours working with my hosting provider trying to work out why I couldn't get SSL email working. We finally gave up. Could this have been the issue?

Not likely, it's a security issue:

http://support.apple.com/kb/HT6147?viewlocale=en_US&locale=en_US

They weren't validating secure connections properly so someone connected locally between you and your destination could intercept your data, look at some of it and modify it. It's pretty unlikely someone would ever go to this trouble though.

Your email issue is more likely down to putting in the wrong details - you need to use the SSL address of your provider as well as authenticate the outgoing connection with your username and password.
post #14 of 51
Originally Posted by macinthe408 View Post
Hi, I am Jackass Analyst, working here at Dickhead Financial Holdings, Inc.

 

Ah, good ol’ DFHI. They keep Dewey, Cheatem, & Howe on retainer.

Originally posted by Marvin

Even if [the 5.5” iPhone exists], it doesn’t deserve to.
post #15 of 51
Quote:
Originally Posted by libertyforall View Post

It is GREAT to see Apple providing updates to the 3GS still! How about a Safari update for it as well, along with the QuickTime foundation/iTunes/Music Player? Traditionally Apple has provided these sorts of updates for OS X for years after major new versions have been released...

It concerns a serious security issue, so of course iOS 6 devices also get the update.
post #16 of 51
Quote:
Originally Posted by RichL View Post

How long has 7.1 been in beta now? Surely it must be ready soon.

7.1 has been in beta since it came out of alpha. It will be ready when it is ready.
iPad a Dream.
post #17 of 51
Apparently OS X suffers the same SSL security issue so a patch for it is also expected.
http://www.crowdstrike.com/blog/details-about-apple-ssl-vulnerability-and-ios-706-patch/index.html
melior diabolus quem scies
post #18 of 51
Quote:
Originally Posted by Marvin View Post


Not likely, it's a security issue:

http://support.apple.com/kb/HT6147?viewlocale=en_US&locale=en_US

They weren't validating secure connections properly so someone connected locally between you and your destination could intercept your data, look at some of it and modify it. It's pretty unlikely someone would ever go to this trouble though.

It really isn't that unlikely. This is something I was doing (legally and against our own app) a couple years ago. I blamed our developers for failing to validate and they went away and 'fixed' it. This is a seriously major bug and may indeed form part of the NSA's attack against iPhones. They routinely MITM SSL.

 

Does anyone know if Apple's pushing this out to all iOS7 devices or is it restricted to the beta for the moment?

post #19 of 51
Quote:
Originally Posted by ItsTheInternet View Post

It really isn't that unlikely. This is something I was doing (legally and against our own app) a couple years ago. I blamed our developers for failing to validate and they went away and 'fixed' it. This is a seriously major bug and may indeed form part of the NSA's attack against iPhones. They routinely MITM SSL.

Does anyone know if Apple's pushing this out to all iOS7 devices or is it restricted to the beta for the moment?
It's 7.0.6 and not 7.1 so should be all iOS 7 devices. Apparently iOS 6 devices are also receiving the update and OS X should receive it in the near future as it also suffers from the same security issue.
post #20 of 51
Quote:
Originally Posted by Chipsy View Post


It's 7.0.6 and not 7.1 so should be all iOS 7 devices. Apparently iOS 6 devices are also receiving the update and OS X should receive it in the near future as it also suffers from the same security issue.

 

Awesome thanks. This is going to cause me all sorts of headaches otherwise.

post #21 of 51

Watch out: do backups before updating. I know this should be duh of course, but I have been spoiled. No past problems and a "small" update, well, guess what, it hosed my iPhone and I had to do a clean restore. Caution Caution.

post #22 of 51

Hmmm, I wonder, I had the same problem with my wife's iPhone 5.  I had both docked in the Apple iPhone 5 or 5S Dock and they both require restore???  Could the dock connected to AC power be the cause???

post #23 of 51
Quote:
Originally Posted by Chipsy View Post

It's 7.0.6 ....

and 6.1.6.
melior diabolus quem scies
post #24 of 51
If you're a coder you might be interested in this short blog about the SSL bug.
https://www.imperialviolet.org/2014/02/22/applebug.html
melior diabolus quem scies
post #25 of 51
Quote:
Originally Posted by Gatorguy View Post

If you're a coder you might be interested in this short blog about the SSL bug.
https://www.imperialviolet.org/2014/02/22/applebug.html

I can't believe Apple would not have had some type of automated test for such a simple and important security check before release.  Hopefully they will add one now.

post #26 of 51
This crypto bug also currently affects Safari on OSX 10.9 and 10.9.1.
post #27 of 51
Quote:
Originally Posted by techguy911 View Post

I can't believe Apple would not have had some type of automated test for such a simple and important security check before release.  Hopefully they will add one now.

Maybe it was Forstall's equivalent of peeing in the water fountain before he checked out. That's the most damaging kind of prank, just hide something so small nobody would think to check it. Just 1 line of code amongst millions.

The lack of start and end braces is telling too. They should get into the habit of using them at all times. It doesn't use much more space:
Code:
if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0) {
    goto fail;
}
if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0) {
    goto fail;
    goto fail;  /* duplicated line: unreachable once it sits inside the braces */
}
if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0) {
    goto fail;
}
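
Added example (not part of the original post, and not Apple's code): a C model of the pattern discussed in posts #25 and #27, showing that the unbraced duplicate `goto fail` returns success without reaching the final check, while the braced form rejects the bad signature. `hash_step`, `check_signature`, `verify_unbraced` and `verify_braced` are hypothetical names, and the inputs are constructed.

```c
#include <stdio.h>

/* Constructed stand-ins (assumptions, not Apple's code): each hash step
 * succeeds and returns 0; the final check returns -1 for a bad signature. */
static int hash_step(int *steps) { (*steps)++; return 0; }
static int check_signature(int sig_ok, int *steps) { (*steps)++; return sig_ok ? 0 : -1; }

/* Unbraced form: only the first goto belongs to the if above it. */
int verify_unbraced(int sig_ok, int *steps)
{
    int err;
    *steps = 0;
    if ((err = hash_step(steps)) != 0)
        goto fail;
    if ((err = hash_step(steps)) != 0)
        goto fail;
        goto fail;   /* unconditional: jumps out with err still 0 */
    if ((err = hash_step(steps)) != 0)
        goto fail;
    err = check_signature(sig_ok, steps);
fail:
    return err;      /* 0 means "verified" to the caller */
}

/* Braced form from the post: the duplicate is dead code inside the block. */
int verify_braced(int sig_ok, int *steps)
{
    int err;
    *steps = 0;
    if ((err = hash_step(steps)) != 0) {
        goto fail;
    }
    if ((err = hash_step(steps)) != 0) {
        goto fail;
        goto fail;
    }
    if ((err = hash_step(steps)) != 0) {
        goto fail;
    }
    err = check_signature(sig_ok, steps);
fail:
    return err;
}

int main(void)
{
    int n;
    int r = verify_unbraced(0, &n);   /* constructed input: bad signature */
    printf("unbraced: err=%d after %d steps\n", r, n);
    r = verify_braced(0, &n);
    printf("braced:   err=%d after %d steps\n", r, n);
    return 0;
}
```

A regression test of the kind post #25 asks for only needs to assert that a bad signature never yields 0. GCC's `-Wmisleading-indentation` and Clang's `-Wunreachable-code` also flag the unbraced form at compile time.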
post #28 of 51
Anyone having a problem with AirPlay after updating to iOS 7.0.6? My iPhone and iPads don't recognize my Apple TV or AirPlay speakers after this update. Yes, they are all on the same wireless network.
post #29 of 51
Mildly surprised that my wife received an email from Square earlier today advising her of this iOS update.
melior diabolus quem scies
post #30 of 51
Quote:
Originally Posted by ShabbaRanksMF View Post

This crypto bug also currently affects Safari on OSX 10.9 and 10.9.1.
Neither Firefox nor Chrome browsers are apparently affected tho.
melior diabolus quem scies
post #31 of 51
Quote:
Originally Posted by Gatorguy View Post


Neither Firefox nor Chrome browsers are apparently affected tho.

Firefox and Chrome use their own SSL/TLS implementation.

post #32 of 51
Quote:
Originally Posted by INurse View Post

Anyone having a problem with AirPlay after updating to iOS 7.0.6? My iPhone and iPads don't recognize my Apple TV or AirPlay speakers after this update. Yes, they are all on the same wireless network.

Have you updated your Apple TV?
post #33 of 51
I found a bug in the Apple TV update. While on Netflix and Hulu, I was several layers deep into the menus and I pressed back (menu) and was taken to the home screen, rather than back a menu layer. This has happened numerous times on both those services. I haven't tested other apps yet, but I'm assuming it's universal.
post #34 of 51

Apple TV also updated.  I resolved this morning by rebooting the Apple TV and AirPlay speakers.

 

Thanks to all!

post #35 of 51
Quote:
Originally Posted by Gatorguy View Post

Quote:
Originally Posted by Chipsy View Post

It's 7.0.6 ....

and 6.1.6.

...but only for the 3GS & 4. Not for people who are running 6 on a 5 or 4s. This I think is ridiculous. Apple making people upgrading to iOS7 mandatory, no wonder they have over 80% running the latest version. And one cannot restore an iOS6 backup if the device is running v7. Truly pathetic.

http://support.apple.com/kb/TS3682
post #36 of 51
Quote:
Originally Posted by PhilBoogie View Post


...but only for the 3GS & 4. Not for people who are running 6 on a 5 or 4s. This I think is ridiculous. Apple making people upgrading to iOS7 mandatory, no wonder they have over 80% running the latest version. And one cannot restore an iOS6 backup if the device is running v7. Truly pathetic.

http://support.apple.com/kb/TS3682

 

Is this a joke? I mean I don't quite get it. You can't even install arbitrary software on your device, why do you think Apple would permit you to install older / unsupported versions of their firmware? Part of Apple's genuine benefits is their careful curation of the App Store and managed upgrades. You can't expect to go against this with full support.

post #37 of 51
Information about the bug can be found here: https://www.imperialviolet.org/2014/02/22/applebug.html
post #38 of 51
Quote:
Originally Posted by ItsTheInternet View Post

Quote:
Originally Posted by PhilBoogie View Post


Is this a joke? I mean I don't quite get it. You can't even install arbitrary software on your device, why do you think Apple would permit you to install older / unsupported versions of their firmware? Part of Apple's genuine benefits is their careful curation of the App Store and managed upgrades. You can't expect to go against this with full support.

And they're doing an excellent job in doing this. But a friend of mine wanted to fix the SSL/TLS issue so he thought he could update his 5 running iOS6 but is now mandatorily using iOS7 as there wasn't a standalone patch for iOS6; only for the 3GS & 4 models.

So while I must admit it was his mistake to not read which device supported which software version I do agree with him that if Apple can release a patch for iOS6 it should be HW independent. Nothing to do with the AppStore, but your point is valid nonetheless.
post #39 of 51
Quote:
Originally Posted by PhilBoogie View Post


And they're doing an excellent job in doing this. But a friend of mine wanted to fix the SSL/TLS issue so he thought he could update his 5 running iOS6 but is now mandatorily using iOS7 as there wasn't a standalone patch for iOS6; only for the 3GS & 4 models.

So while I must admit it was his mistake to not read which device supported which software version I do agree with him that if Apple can release a patch for iOS6 it should be HW independent. Nothing to do with the AppStore, but your point is valid nonetheless.

As far as I understand it, every time you install iOS on a device it phones back to Apple to check that it is authorised to be installed. In order for Apple to distribute an iOS6 update (I believe) they would have to re-permit people to downgrade to 6 too. I very much doubt they'd be happy doing that. What's a few insecure customers who will buy new phones vs not having everyone on the same version of the OS.

 

Plus I can be really pithy here and just say "If you want control over your phone, buy an Android" but I think people might take that the wrong way. Still that is the real key difference between the two platforms. On iOS you must assume Apple knows best and defer to them. On a plain Android then it's up to you what you do, but you can't trust things as much as with Apple.

post #40 of 51
Quote:
Originally Posted by ItsTheInternet View Post

Is this a joke? I mean I don't quite get it. You can't even install arbitrary software on your device, why do you think Apple would permit you to install older / unsupported versions of their firmware? Part of Apple's genuine benefits is their careful curation of the App Store and managed upgrades. You can't expect to go against this with full support.

You're writing a positive comment about Apple. Are you sick?
iPad a Dream.