Is that an iPhone in your pocket? Then you’d better pull it out, dive into the settings menu and check for updates: there may be an important patch waiting for you. Apple has quietly pushed out iOS 7.0.6 and 6.1.6 — small updates that addresses a hitherto unknown security issue with its mobile OS.

According to the company’s security notes, the previous versions of iOS was missing key SSL validation steps that kept Secure Transport from validating authentic connections, making it possible for “attackers with a privileged network position” to “capture or modify data in sessions protected by SSL/TLS.”

In other words, iOS devices were failing to protect themselves on shady networks, unbeknownst to the user. It’s not clear if this security flaw was known outside of Cupertino, but it certainly is now.  Given the severity of the potential damage, Apple has taken a low-key approach to notifying users of the harm to which they are exposed.  The company has pushed a patch to iPhone users, but the company’s note says only, “This security update provides a fix for SSL connection verification,” and contains a link to a page on Apple’s support site. The update gives no sense of urgency about installing the patch.  Lucky you, then, that Apple has already issued the fix.

Well, what are you waiting for? Update your phone/tablet/Apple TV, already.

Researchers have found evidence that OS X also has SSL validation issues. Security firm Crowdstrike analyzed the iOS updates, and say that both of Apple’s platforms are/were vulnerable to man-in-the-middle attacks. It expects Apple will push a fix for OS X soon.

For we suggest the following:

  • Avoiding shady WiFi hotspots
  • Updating only on trusted networks

If in doubt, give us a call and we’ll walk you through to make sure you’re safe to go.  (702) 487-7000 Option 2