Apple security update fixes iOS vulnerability

The tech giant fixes a security problem in iOS that affected encrypted connections.

Apple's iPhone 5S (Photo: Sarah Tew/CNET)

Apple on Friday released the latest update of its mobile operating system. It's of note because it fixes an SSL connection issue, an important encryption vulnerability.

SSL, or Secure Sockets Layer, is one of the most basic forms of encrypting Internet traffic. Without it, almost anybody can see what you're doing online. According to Apple's full description of the update, the software previously had problems validating the authenticity of the connection, and the software fix restores steps that were missing in the validation process.

The company said the fix would stop an attacker from capturing and modifying data that is supposedly shielded by SSL.

The patch is also available for older versions of Apple's operating system, with an iOS 6.1.6 update. The fix comes weeks after another minor iOS 7 update, which had to do with network errors in China. A more robust update, iOS 7.1, is expected next month.

Apple has been mum regarding specific details of the bug, so it's difficult to gauge the magnitude of the situation. "It has the potential to be a very serious issue," said Jonathan Zdziarski, an iOS forensics expert. But he emphasized that many of the conclusions we can draw are only speculation, since Apple only vaguely and briefly described the vulnerability.

He did point to the possibility of man-in-the-middle attacks, where an eavesdropper could intercept data from a user's phone. He also pointed out that Apple didn't mention any specific restrictions in its explanation of the vulnerability -- like, say, the bug only being applicable when a certain app is running. The lack of that caveat could indicate that the bug potentially affected the whole phone, giving an attacker complete control over the device and personal information on it.

Apple did not return a request for comment. We'll update this post if we hear back.

Update, 5:13 p.m. PT: Adds comments from an iOS forensic expert.

 
