On Friday, Apple released iOS 7.0.6, which “provides a fix for SSL connection verification.” The support notes read:
Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
Why is this important? On a shared network, you are vulnerable to “man-in-the-middle” attacks: someone can listen in on, or even alter, your data as it passes over what would normally be a secure, private connection.
For enterprise, this is even more of a concern. How do you ensure everyone connected is sharing and viewing sensitive data securely? To be fair, iOS has been the choice for security by many companies and government agencies for a while now. The fact that every phone has hardware encryption available, with the use of a passcode, is big. Android struggles with this problem, since it doesn’t have a combined hardware and software solution similar to Apple’s. But when bugs are found, it’s best to be ready to update quickly with a patch. Any app can read the version of the operating system it is running on, which is perfect for enterprise-level apps. They can block access if they detect an unsafe version of the OS, such as this one. This is just one solution that can be adopted. The most important thing to do is to make sure everyone has the latest and most secure version of any operating system.
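One way an enterprise service could apply the version block described above, as an added example (not Apple's code and not from the original post): it reads the iOS version out of the client's User-Agent string and refuses anything older than 7.0.6. The function names, the sample User-Agent strings and the single-threshold policy are assumptions made for illustration. The value is client-reported, so this steers cooperative users toward updating rather than authenticating a device.

```python
import re

# Minimum iOS release the post names as carrying the SSL verification fix.
# Assumption: one threshold for all devices; other release lines would need
# their own entries.
MIN_SAFE_IOS = (7, 0, 6)

# iOS browsers and web views report the OS as e.g. "OS 7_0_4 like Mac OS X".
_IOS_UA = re.compile(
    r"\b(?:iPhone|iPad|iPod)\b.*?\bOS (\d+)_(\d+)(?:_(\d+))? like Mac OS X"
)


def parse_ios_version(user_agent):
    """Return (major, minor, patch) for an iOS User-Agent, or None if not iOS."""
    match = _IOS_UA.search(user_agent or "")
    if not match:
        return None
    # A missing patch component ("OS 7_1") is treated as 0.
    return tuple(int(part) if part else 0 for part in match.groups())


def access_decision(user_agent, min_safe=MIN_SAFE_IOS):
    """Return 'allow', 'block' or 'not_ios' for a client-reported User-Agent."""
    version = parse_ios_version(user_agent)
    if version is None:
        return "not_ios"  # leave non-iOS clients to whatever policy covers them
    return "allow" if version >= min_safe else "block"


# Constructed sample User-Agent strings (simplified, not captured traffic).
SAMPLES = [
    "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X) AppleWebKit Mobile",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_6 like Mac OS X) AppleWebKit Mobile",
    "Mozilla/5.0 (iPad; CPU OS 7_1 like Mac OS X) AppleWebKit Mobile",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit Safari",
]

if __name__ == "__main__":
    for ua in SAMPLES:
        print(access_decision(ua), "<-", ua)
```
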
For iOS, there’s already a fix, but if you own a Mac, you’ll have to wait until Apple releases an update for OS X. In the meantime, please make sure you know the URL you’re pointing to. Don’t trust IP addresses that open in your browser if you were expecting a domain name instead.
On iOS, you can check for the update by opening the Settings app. Within Settings, navigate to General > Software Update.