Apple’s iPhone 5S
(Credit: Sarah Tew/CNET)
Apple on Friday released the latest update of its mobile operating system. It’s of note because it fixes an SSL connection issue, an important encryption vulnerability.
SSL, or Secure Sockets Layer, is one of the most basic forms of encrypting Internet traffic. Without it, almost anybody can see what you’re doing online. According to Apple’s fulldescription of the update, the software previously had problems validating the authenticity of the connection, and the software fix restores steps that were missing in the validation process.
The company said the fix would stop an attacker from capturing and modifying data when supposedly shielded by SSL.
The patch is also available for older versions of Apple’s operating system, with an iOS 6.1.6 update. The fix comes weeks after another minor iOS 7 update, which had to do with network errors in China. A more robust update, iOS 7.1, is expected next month.
Apple has been mum regarding specific details of the bug. So for that reason, it’s difficult to gauge the magnitude of the situation. “It has the potential to be a very serious issue,” said Jonathan Zdziarski, an iOS forensics expert. But he emphasized that many of the conclusions we can draw are only speculation, since Apple only vaguely and briefly described the vulnerability.
He did point to the possibility of man-in-the-middle attacks, where an eavesdropper could intercept data from a user’s phone. He also points out that Apple didn’t specifically mention any certain restrictions in its explanation of the vulnerability — like, say, the bug only being applicable when a certain app is running. The lack of that caveat could indicate that the bug potentially affected the whole phone, giving an attacker complete control over the device and personal information on it.
- Beatles channel debuts on Apple TV
- Apple loses bid to yank court-appointed antitrust monitor
- Apple’s Arizona plant could make ‘unprecedented’ amounts of sapphire
- Apple’s quest to reinvent digital healthcare
- Apple kills off last Bitcoin wallet app in App Store
- Apple goes big with a $14 billion stock buyback
- Apple eyes quantum dots for next phase of Retina display development
- Apple to open first retail store in Brazil next week
- Apple looking to hire experts to help create fitness products
- Apple wants to help you correct a text message after you send it