On Friday, Apple released an urgent update to iOS 6 and 7. The update contains a single fix, but that fix is well worth the trouble of going through the update process, and doing so as soon as possible.
As stated by Apple, “an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS” as a result of the issue. To put it simply, when you do your online banking or use Gmail or Facebook chat on a public Wi-Fi network (e.g. at the airport or a cafe), any skilled criminal nearby can read and modify your data, even though you see that small lock in Safari indicating that your session is protected with encryption. It’s important to mention that the vulnerability affects almost any application, not only the web browser. No wonder Apple rushed to push this update.
The security community spent this weekend trying to figure out the vulnerability’s nature. A technical analysis is available here; however, the most important finding is that MacOS is affected too. Apple hasn’t released the MacOS patch as of now, but we expect to see it very soon.
What to do:
- Update your iPhones, iPods and iPads running iOS 6 and 7. Do it using a trusted, non-open network, e.g. at home.
- Avoid doing anything sensitive, e.g. banking, on your iOS devices before the update.
- The same applies to MacOS devices — wait for the update. There are third-party updates already; however, applying them may be risky.
- If you really have to do banking on your device, use only the most trusted networks and implement additional protection measures – use Google Chrome, plus a VPN and a reliable anti-virus.