Apple releases iOS 7.0.6 with fix for SSL connection verification, rolls out Apple TV Software Updat
Apple on Friday issued a minor update for its mobile operating system, with iOS 7.0.6 fixing an issue with SSL connection verification.
The new update is available by accessing the Software Update option in the native Settings application on a compatible iPhone, iPad or iPod touch. The security update can also be installed by connecting a device to a Mac or PC and downloading iOS 7.0.6 through iTunes.
The sixth incremental update for iOS 7 arrives less than a month after Apple released iOS 7.0.5, intended to address some network issues associated with the iPhone 5s and iPhone 5c when being used in China.
Still in beta testing is iOS 7.1, of which a fourth pre-release build was supplied to developers last week. The point-one release is more full-featured and is expected to contain numerous tweaks for the iOS 7 platform.
AppleInsider reaffirmed earlier this week that iOS 7.1 is not expected to arrive until mid-March. The point-one release is also believed to include a major overhaul of Apple's Mobile Device Management mass deployment system, and will launch it alongside a totally new "Volume Services" Web client.
Also released on Friday for legacy devices was iOS 6.1.6. It's available for the iPhone 3GS and fourth-generation iPod touch, which cannot run iOS 7.
Update: Apple has subsequently released the corresponding Apple TV Software Update 6.0.2. Classified as a stability and performance update, the download includes general performance and stability improvements, says Apple. Users can update their Apple TV software via the device's Settings menu.
The new update is available by accessing the Software Update option in the native Settings application on a compatible iPhone, iPad or iPod touch. The security update can also be installed by connecting a device to a Mac or PC and downloading iOS 7.0.6 through iTunes.
The sixth incremental update for iOS 7 arrives less than a month after Apple released iOS 7.0.5, intended to address some network issues associated with the iPhone 5s and iPhone 5c when being used in China.
Still in beta testing is iOS 7.1, of which a fourth pre-release build was supplied to developers last week. The point-one release is more full-featured and is expected to contain numerous tweaks for the iOS 7 platform.
AppleInsider reaffirmed earlier this week that iOS 7.1 is not expected to arrive until mid-March. The point-one release is also believed to include a major overhaul of Apple's Mobile Device Management mass deployment system, and will launch it alongside a totally new "Volume Services" Web client.
Also released on Friday for legacy devices was iOS 6.1.6. It's available for the iPhone 3GS and fourth-generation iPod touch, which cannot run iOS 7.
Update: Apple has subsequently released the corresponding Apple TV Software Update 6.0.2. Classified as a stability and performance update, the download includes general performance and stability improvements, says Apple. Users can update their Apple TV software via the device's Settings menu.
Comments
It's been almost 6 months, and no fix.
Just installed this on my 5S and Retina Mini, so have nearly a full work day ahead of me to test this puppy.
On a side note, GO CANADA GO!!!
We don't need SSL fixes; we need 3D spatial/facial/retinal epidermal turbo heuristic magical cancer-curing technology in this update.
Loved ur comment.. lol
I hope this Update fixes other issues too!
Apple on Friday issued a minor update for its mobile operating system, with iOS 7.0.6 fixing an issue with SSL connection verification.
1) The graphic above shows a size of 35.4 MB; the file I downloaded to my 4S weighed in at 1.1GB. Hmmm.
2) A couple of hours before I learned about this update, I listened to the 19 Feb episode #443 of Security Now (on the TWiT network) where Steve Gibson described a significant security hole in iOS and Android where apps don't check the certificates used by websites for SSL connections.
"What that means is that they're accepting SSL connections and not checking to see if the certificate - they're looking to see if it's valid. Does the checksum - is that correct? But they're accepting self-signed certificates. And it also turns out that online banking apps for mobile devices, which are of course tempting targets for man-in-the-middle attacks, are also falling short. They're also not checking certificates. In an analysis that was made, 40% of iOS-based banking apps tested by - and here's the company we talked about earlier, IOActive - are vulnerable to such attacks because they fail - 40% of iOS-based banking apps because they fail to validate the authenticity of SSL certificates presented by the server; 41% of selected Android apps were found to be vulnerable in tests performed at Leibniz University of Hannover and Philipps..." https://www.grc.com/sn/sn-443.txt
I'm guessing Apple found a system-wide solution rather than trying to fix individual apps. If so, that's smart.
This update does actually bring 75% of the recommended daily intake of 3D spatial/facial/retinal epidermal turbo heuristic magical cancer-curing technology.
And is also snappier *.
* Please note that my version of snappier may vary from person to person. Please consult a doctor if unsnappy symptoms persist.
It is GREAT to see Apple providing updates the the 3GS still! How about a Safari update for it as well, along with the QuickTime foundation/iTunes/Music Player? Traditionally Apple has provided these sorts of updates for OS X for years after major new versions have been released...
How long has 7.1 in beta now? Surely it must be ready soon.
A few weeks ago I spent hours working with my hosting provider trying to work out why I couldn't get SSL email working. We finally gave up. Could this have been the issue?
Not likely, it's a security issue:
http://support.apple.com/kb/HT6147?viewlocale=en_US&locale=en_US
They weren't validating secure connections properly so someone connected locally between you and your destination could intercept your data, look at some of it and modify it. It's pretty unlikely someone would ever go to this trouble though.
Your email issue is more likely down to putting in the wrong details - you need to use the SSL address of your provider as well as authenticate the outgoing connection with your username and password.
Ah, good ol’ DFHI. They keep Dewey, Cheatem, & Howe on retainer.
7.1 has been in beta since it came out of alpha. It will be ready when it is ready.
http://www.crowdstrike.com/blog/details-about-apple-ssl-vulnerability-and-ios-706-patch/index.html
Not likely, it's a security issue:
http://support.apple.com/kb/HT6147?viewlocale=en_US&locale=en_US
They weren't validating secure connections properly so someone connected locally between you and your destination could intercept your data, look at some of it and modify it. It's pretty unlikely someone would ever go to this trouble though.
It really isn't that unlikely. This is something I was doing (legally and against our own app) a couple years ago. I blamed our developers for failing to validate and they went away and 'fixed' it. This is a seriously major bug and may indeed form part of the NSAs attack against iPhones. They routinely MITM SSL.
Does anyone know if Apple's pushing this out to all iOS7 devices or is it restricted to the beta for the moment?
It's 7.0.6 and not 7.1 so should be all iOS 7 devices. Apparently iOS 6 devices are also receiving the update and OS X should receive it in the near future as it also suffers from the same security issue.
Awesome thanks. This is going to cause me all sorts of headaches otherwise.
Watch out do backups before update. I know this should be duh of course, but I have been spoiled. No past problems and a "small" update, well, guess what it hosed my iPhone and I had to do a clean restore. Caution Caution.