This actually is a pretty major security issue. In some cases, connections that were secured using TLS (aka SSL, used by HTTPS web browsers and many other apps) did not actually check whether the certificate provided by the server actually matched the server's name. In effect it trusts any certificate that is valid for any site (issued by a real certificate authority and not expired). For example, foo.com using a valid certificate for foo.com could pretend to be gmail.com and iOS would just say OK sounds good! A malicious (or curious) ISP/DNS provider/Mobile carrier/wireless hotspot/etc could pretend to be gmail.com (or any other destination) and silently read (or modify) everyone's encrypted traffic.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Releases iOS 7.0.6 With Fix for SSL Connection Verification
- Thread starter MacRumors
- Start date
- Sort by reaction score
This actually is a pretty major security issue. In some cases, connections that were secured using TLS (aka SSL, used by HTTPS web browsers and many other apps) did not actually check whether the certificate provided by the server actually matched the server's name. In effect it trusts any certificate that is valid for any site (issued by a real certificate authority and not expired). For example, foo.com using a valid certificate for foo.com could pretend to be gmail.com and iOS would just say OK sounds good! A malicious (or curious) ISP/DNS provider/Mobile carrier/wireless hotspot/etc could pretend to be gmail.com (or any other destination) and silently read (or modify) everyone's encrypted traffic.
Did we seriously need this? Just release iOS 7.1 already Apple. Just include the bug fixes with that.
This is sarcasm, right? Since they haven't, you know, fixed the huge issues like safari crashing when having a single tab open for more than. 30 seconds?
Ios and Mac OS is starting to become a joke.
haha, they murdered the gba4iOS emu with this update
the app wont load anymore.really fast response by apple, im impressed
Remember after a device reboot you need to set your date back to before 18 feb 2014 and run the app then you can change back again.
Jailbreak is NOT patched. The Evad3rs should be releasing an updated version of Evasi0n7 very soon. If you really need to jailbreak now, you can follow this guide to modify the current version of Evasi0n7 to support the new iOS update. http://www.redmondpie.com/jailbreak-ios-7.0.6-untethered-using-evasi0n-right-now-tutorial/
----------
Anyone know if the bugs patched by 7.0.6 exist in 7.1 beta 5? I only ask because I was running beta 5 up until I read about the 7.0.6 update and how it patched a serious security bug. Immediately downgraded to 7.0.6 in order to ensure that I was protected by the patch. Again, anyone know if the bug patched by 7.0.6 is present in 7.1 beta 5?
Yeah, okay.
Either way, my 5s still reboots everyday so my complaint is still valid. iOS 7 was rushed. It could be worse, but I'm not 100% happy. My phone shouldn't crash.
13.3 on my iPad 4.
----------
I like how the gears in the settings icon start turning when you install an update...
Isn't that what 7.1 is for?
So, these 7.x.x releases weren't bug fixes to you? Some were critically fixes like the one today.
Even if a 2009 Android phone (aka Motorola Droid) was updated to Android kitkat the phone would run like garbage. That phone was starting to run like crap 3 years ago. Google has made so many changes to the OS (in a positive way) why suffer with the experience? Those changes were needed to surpass Apple and is the reason why Android is number 1 in the world. Even a 2011 Galaxy Nexus is slow and painful compared to a 2013 $99 Verizon Moto G.
It's like putting a 500hp engine in a rusty 1990 Toyota Tercel. The stock transmission and brakes cannot handle all the horsepower. Even before selling my iPhone 4 2 years ago it was running like crap. It's one thing to say you got upgraded but why would any "power user" suffer unless all you do is text and make calls? There are so many people here that will upgrade from a 5s to a iPhone 6 just because it will be bigger and faster. Same reason why Android users upgrade.
Five replacements, restore from scratch (not backup) every time. And now I have a problem with my headphone jack, too. Bad luck?
Don't feel bad. My wife's iPhone 5 has been crashing when the battery gets to around 20 to 40% and this was after upgrading to iOS 7; right after the warranty expired. I just consider it a feature but at least she likes the phone.
I will be using her upgrade while I upgrade my Note 3. She might get a hand-me-down iPhone 6 next year if I decide to go that route. Not a fanboy and can go Android or Apple depending on what's the best. I always try to be open minded. Apple "could" come out swinging this year but I won't put money on it.
Agreed, but would be cooler if not forces iPhone 4 onto iOS 7. It slows down iPhone 4. iPhone 4 users should have choice NOT to be forced onto iOS 7
you have to change the date on your phone, pre february 2014. then you can change it back
A year and a half old? Hardly.
Besides, mine doesn't do that, so I expect something else is causing it.
One would think that the issue isn't present in iOS 7.1 beta 5, otherwise it would only be responsible and make sense to at least release beta 6 with the fix at the same time that this update was released.