blog-sslpatch

iOS SSL/TLS bug…Update to iOS 7.0.6 NOW

IPhone/iPad/iPod users on iOS 7.x.x, you need to update to iOS 7.0.6 right now. For the past year, iOS 7 had been vulnerable to an attack where the SSL/TLS chain could be easily broken…meaning, anyone with a little programming knowledge (script kiddies) could intercept your usernames and passwords, credit card info and any other private data even if the site/app you are on appears to be using https or SSL (secure sites).

If you have jailbroken your phone Evasi0n still works, so update through iTunes, not OTA updates thought the Settings app on the device and then jailbreak again.

A more in depth write up of what happened.
https://www.imperialviolet.org/2014/02/22/applebug.html

Alternately, if you have a jailbroken iOS device, you can download SSLPatch which was released by Ryan Petrich. The jailbreak community tends to always be one step ahead of Apple as well as are responsible for a rather large percentage of security patches that are actually attributed to them (look for Evad3rs).

Leave a Comment