Apple releases iOS 7.0.6 with fix for SSL connection verification, rolls out Apple TV Software Updat

Posted:
in iPhone edited March 2014
Apple on Friday issued a minor update for its mobile operating system, with iOS 7.0.6 fixing an issue with SSL connection verification.

iOS 7.0.6


The new update is available by accessing the Software Update option in the native Settings application on a compatible iPhone, iPad or iPod touch. The security update can also be installed by connecting a device to a Mac or PC and downloading iOS 7.0.6 through iTunes.

The sixth incremental update for iOS 7 arrives less than a month after Apple released iOS 7.0.5, intended to address some network issues associated with the iPhone 5s and iPhone 5c when being used in China.

Still in beta testing is iOS 7.1, of which a fourth pre-release build was supplied to developers last week. The point-one release is more full-featured and is expected to contain numerous tweaks for the iOS 7 platform.

AppleInsider reaffirmed earlier this week that iOS 7.1 is not expected to arrive until mid-March. The point-one release is also believed to include a major overhaul of Apple's Mobile Device Management mass deployment system, and will launch it alongside a totally new "Volume Services" Web client.

Also released on Friday for legacy devices was iOS 6.1.6. It's available for the iPhone 3GS and fourth-generation iPod touch, which cannot run iOS 7.

Update: Apple has subsequently released the corresponding Apple TV Software Update 6.0.2. Classified as a stability and performance update, the download includes general performance and stability improvements, says Apple. Users can update their Apple TV software via the device's Settings menu.
«13

Comments

  • Reply 1 of 53
    It'd be great if Apple would fix the bluetooth keyboard problems that have persisted since 7.0 released. It constantly crashes when using the keyboard, usually when trying to wake it up from sleep while connected.

    It's been almost 6 months, and no fix.
  • Reply 2 of 53

    Just installed this on my 5S and Retina Mini, so have nearly a full work day ahead of me to test this puppy.

     

    On a side note, GO CANADA GO!!!

  • Reply 3 of 53
    Hi, I am Jackass Analyst, working here at Dickhead Financial Holdings, Inc. Due to this underwhelming update, I am recommending investors dump their AAPL holdings. This update proves that Apple doesn't have the creativity and ingenuity needed to survive the Samsung/Android onslaught.

    We don't need SSL fixes; we need 3D spatial/facial/retinal epidermal turbo heuristic magical cancer-curing technology in this update.
  • Reply 4 of 53

    Loved ur comment.. lol

  • Reply 5 of 53

    I hope this Update fixes other issues too!

  • Reply 6 of 53
    Quote:

    Originally Posted by AppleInsider View Post



    Apple on Friday issued a minor update for its mobile operating system, with iOS 7.0.6 fixing an issue with SSL connection verification.

     
    iOS 7.0.6


     

    1) The graphic above shows a size of 35.4 MB; the file I downloaded to my 4S weighed in at 1.1GB. Hmmm.

     

    2) A couple of hours before I learned about this update, I listened to the 19 Feb episode #443 of Security Now (on the TWiT network) where Steve Gibson described a significant security hole in iOS and Android where apps don't check the certificates used by websites for SSL connections.

     

    "What that means is that they're accepting SSL connections and not checking to see if the certificate - they're looking to see if it's valid.  Does the checksum - is that correct?  But they're accepting self-signed certificates.  And it also turns out that online banking apps for mobile devices, which are of course tempting targets for man-in-the-middle attacks, are also falling short.  They're also not checking certificates.  In an analysis that was made, 40% of iOS-based banking apps tested by - and here's the company we talked about earlier, IOActive - are vulnerable to such attacks because they fail - 40% of iOS-based banking apps because they fail to validate the authenticity of SSL certificates presented by the server; 41% of selected Android apps were found to be vulnerable in tests performed at Leibniz University of Hannover and Philipps..."  https://www.grc.com/sn/sn-443.txt

     

    I'm guessing Apple found a system-wide solution rather than trying to fix individual apps. If so, that's smart.

  • Reply 7 of 53
    gtrgtr Posts: 3,231member
    Hi, I am Jackass Analyst, working here at Dickhead Financial Holdings, Inc. Due to this underwhelming update, I am recommending investors dump their AAPL holdings. This update proves that Apple doesn't have the creativity and ingenuity needed to survive the Samsung/Android onslaught.

    We don't need SSL fixes; we need 3D spatial/facial/retinal epidermal turbo heuristic magical cancer-curing technology in this update.

    This update does actually bring 75% of the recommended daily intake of 3D spatial/facial/retinal epidermal turbo heuristic magical cancer-curing technology.

    And is also snappier *.


    * Please note that my version of snappier may vary from person to person. Please consult a doctor if unsnappy symptoms persist.
  • Reply 8 of 53
    LOL @ macinthe408
  • Reply 9 of 53

    It is GREAT to see Apple providing updates the the 3GS still!  How about a Safari update for it as well, along with the QuickTime foundation/iTunes/Music Player?  Traditionally Apple has provided these sorts of updates for OS X for years after major new versions have been released...  

  • Reply 10 of 53
    richlrichl Posts: 2,213member

    How long has 7.1 in beta now? Surely it must be ready soon.

  • Reply 11 of 53

    A few weeks ago I spent hours working with my hosting provider trying to work out why I couldn't get SSL email working. We finally gave up. Could this have been the issue?

  • Reply 12 of 53
    MarvinMarvin Posts: 14,230moderator
    A few weeks ago I spent hours working with my hosting provider trying to work out why I couldn't get SSL email working. We finally gave up. Could this have been the issue?

    Not likely, it's a security issue:

    http://support.apple.com/kb/HT6147?viewlocale=en_US&locale=en_US

    They weren't validating secure connections properly so someone connected locally between you and your destination could intercept your data, look at some of it and modify it. It's pretty unlikely someone would ever go to this trouble though.

    Your email issue is more likely down to putting in the wrong details - you need to use the SSL address of your provider as well as authenticate the outgoing connection with your username and password.
  • Reply 13 of 53
    Originally Posted by macinthe408 View Post

    Hi, I am Jackass Analyst, working here at Dickhead Financial Holdings, Inc.

     

    Ah, good ol’ DFHI. They keep Dewey, Cheatem, & Howe on retainer.

  • Reply 14 of 53
    chipsychipsy Posts: 287member
    It is GREAT to see Apple providing updates the the 3GS still!  <span style="line-height:1.4em;">How about a Safari update for it as well, along with the QuickTime foundation/iTunes/Music Player</span>
    <span style="line-height:1.4em;">?  Traditionally Apple has provided these sorts of updates for OS X for years after major new versions have been released...  </span>
    It concerns a serious security issue, so of course iOS 6 devices also get the update.
  • Reply 15 of 53
    richl wrote: »
    How long has 7.1 in beta now? Surely it must be ready soon.

    7.1 has been in beta since it came out of alpha. It will be ready when it is ready.
  • Reply 16 of 53
    gatorguygatorguy Posts: 21,265member
    Apparently OS X suffers the same SSL security issue so a patch for it is also expected.
    http://www.crowdstrike.com/blog/details-about-apple-ssl-vulnerability-and-ios-706-patch/index.html
  • Reply 17 of 53
    Quote:

    Originally Posted by Marvin View Post





    Not likely, it's a security issue:



    http://support.apple.com/kb/HT6147?viewlocale=en_US&locale=en_US



    They weren't validating secure connections properly so someone connected locally between you and your destination could intercept your data, look at some of it and modify it. It's pretty unlikely someone would ever go to this trouble though.

    It really isn't that unlikely. This is something I was doing (legally and against our own app) a couple years ago. I blamed our developers for failing to validate and they went away and 'fixed' it. This is a seriously major bug and may indeed form part of the NSAs attack against iPhones. They routinely MITM SSL.

     

    Does anyone know if Apple's pushing this out to all iOS7 devices or is it restricted to the beta for the moment?

  • Reply 18 of 53
    chipsychipsy Posts: 287member
    It really isn't that unlikely. This is something I was doing (legally and against our own app) a couple years ago. I blamed our developers for failing to validate and they went away and 'fixed' it. This is a seriously major bug and may indeed form part of the NSAs attack against iPhones. They routinely MITM SSL.

    Does anyone know if Apple's pushing this out to all iOS7 devices or is it restricted to the beta for the moment?
    It's 7.0.6 and not 7.1 so should be all iOS 7 devices. Apparently iOS 6 devices are also receiving the update and OS X should receive it in the near future as it also suffers from the same security issue.
  • Reply 19 of 53
    Quote:

    Originally Posted by Chipsy View Post





    It's 7.0.6 and not 7.1 so should be all iOS 7 devices. Apparently iOS 6 devices are also receiving the update and OS X should receive it in the near future as it also suffers from the same security issue.

     

    Awesome thanks. This is going to cause me all sorts of headaches otherwise.

  • Reply 20 of 53

    Watch out do backups before update.  I know this should be duh of course, but I have been spoiled.  No past problems and a "small" update, well, guess what it hosed my iPhone and I had to do a clean restore.  Caution Caution.

Sign In or Register to comment.