OS X Vulnerable to SSL Bug Patched in iOS 7.0.6 Update

[JPSaltzman]

Dear Apple:

Not all users of iPhone 4S or the iPad 2 have updated to your glorious makeover iOS7 (where you proved beyond belief that hardware designers should not be allowed to be UI designers).

You updated iOS6 for the MUCH-USED iPhone 3GS; but you didn't bother including iPhone 4S or iPad 2 users, thinking that of course we all want the sluggish and buggish performance of iOS7 on our older-chip devices.

Would it really have killed you to make the iOS6 fix available to ALL iDevice users who had not updated? I mean, who still has an iPhone 3GS (I'm sure its battery died a long time ago)?

Sincerely yours,
A disgruntled Apple user since 1989.

 

[jlnr]

Either upgrade or live with the security flaw.

Or jailbreak iOS 6 and download a fix from Cydia

But not updating at all just shows an unwillingness to accept any change (ie, to swap one set of small annoyances for another set of small annoyances). [...] But if it makes you happy to be cynical and dismissive of the work and efforts of others, who am I too to tell you what is better for you.

Now I'm curious, what's your opinion of people who skipped Vista, or are still on Windows 7?

 

[skinned66]

Great advice.

I've confirmed that Ryan Petrich's fix is golden for jailbroken ios 7 devices also.

Look for SSLPatch on Cydia. The source is also on GitHub.

 

[charlituna]

There could not be any massive attacks on Mac computers (say, Target style) in general because nobody stores anything of value on Macs. They are simply not used as servers anywhere to warrant such attention.

In my office we have a great deal of highly valuable information all stored on Macs. Catch is that we have a secured network.

Plus spoofing common users to get passwords and credit cards is a valuable trick if done well.

And yet it seems like no one found this error until a patch went out to fix it. And then someone dug in to find the bad code.

----------

The fact that Apple made iOS it's first priority is very revealing, they could have made it their highest priority to fix both iOS & OS X concurrently.

Potentially hundreds of millions of users with iOS devices against a fraction of that using macs. Makes sense that they would get the iOS patch out first. And it hasn't even been a week. For all we know the Mac patch will come out on Monday.

 

[scottwaugh]

Dear Apple:

Not all users of iPhone 4S or the iPad 2 have updated to your glorious makeover iOS7 (where you proved beyond belief that hardware designers should not be allowed to be UI designers).

You updated iOS6 for the MUCH-USED iPhone 3GS; but you didn't bother including iPhone 4S or iPad 2 users, thinking that of course we all want the sluggish and buggish performance of iOS7 on our older-chip devices.

Would it really have killed you to make the iOS6 fix available to ALL iDevice users who had not updated? I mean, who still has an iPhone 3GS (I'm sure its battery died a long time ago)?

Sincerely yours,
A disgruntled Apple user since 1989.

Very good points overall (I have an iOS 6 4s that I didn't want to make the leap to 7 on), but Apple was still handing out 3GS's not that long ago (who's batteries would be fine) - so its nice Apple updated them.

It's frustrating that iOS 6 has this when OS X 10.8.x does not, ugh. My wife's 4s, which still has iOS 5 on it (she did not want it changed) is fine and doesn't exhibit the flaw.

 

[C DM]

Very good points overall (I have an iOS 6 4s that I didn't want to make the leap to 7 on), but Apple was still handing out 3GS's not that long ago (who's batteries would be fine) - so its nice Apple updated them.

It's frustrating that iOS 6 has this, ugh. My wife's 4s, which still has iOS 5 on it (she did not want it changed) is fine and doesn't exhibit the flaw.

You've checked against one of the sites that tests for it using that phone with iOS 5? Just curious.

 

[aggri1]

...My wife's 4s, which still has iOS 5 on it (she did not want it changed) is fine and doesn't exhibit the flaw.

I just checked on my iPhone 4 also; not vulnerable (to this particular bug) with iOS 5.1.1. Yippee! (EDIT: I went to gotofail.com, said it wasn't vulnerable).

 

[charlituna]

There is no version of iOS 6 with this patch. You'll need to upgrade to iOS 7 to get this patch. :/

Yes there is. They catch is that it will only be served to devices that can't go higher than iOS 6

 

[C DM]

I just checked on my iPhone 4 also; not vulnerable (to this particular bug) with iOS 5.1.1. Yippee! (EDIT: I went to gotofail.com, said it wasn't vulnerable).

Good to hear that iOS 5 is not affected.

 

[charlituna]

I wonder if we'll see beta 6 for 7.1 today or tomorrow now, as beta 5 is still affected and vulnerable, which really screws developers over.

We'll only see a beta 6 if there is something else for them to test. If there is not then we'll see 7.1 next

 

[C DM]

Yes there is. They catch is that it will only be served to devices that can't go higher than iOS 6

Thats the part that sucks. They have the patch they are already releasing for iOS 6 so couldn't be that hard to make it available to all devices that support it (even those that can support iOS 7, at least in theory).

----------

We'll only see a beta 6 if there is something else for them to test. If there is not then we'll see 7.1 next

I would say that unless a GM is already planned for next week (and will include this fix in it) it wouldn't be all that responsible of Apple not to release a beta update with this high priority and high visibility security patch.

 

[StephenFleming]

My wife is perfectly happy with iOS 6 on her iPhone and iPad. She hates the look and feel of iOS 7 and does not want to upgrade. Since iOS 6.1.6 has been released for the 3GS, I think Apple should make it available for all iOS 6 users.

 

[charlituna]

At this point I feel as if Apple will force iOS 7 on users whatever it takes. I hope I am wrong.

Of course they want everyone possible on the new software. If only for the whole activation lock thing

 

[Rogifan]

I guess I needed to read more carefully:

"Apple has also released iOS 6.1.6 (build 10b500) for the iPhone 3GS and fourth-generation iPod touch."

Probably if you can upgrade to 7, you get 7.06, even you are still on IOS 6. I guess this is a really good way for Apple to get more people on 7.

I guess I don't get why trying to get people on the latest OS is a bad thing. But if this is so serious wouldn't Apple send notification to iOS 6 users recommending they update their software?

 

[Rogifan]

You may consider sending feedback to Apple requesting parallel updates for users remaining on iOS 6. Several of us did yesterday. I'm not hopeful. At this point I feel as if Apple will force iOS 7 on users whatever it takes. I hope I am wrong.

So what happens when we're on iOS 8 or 9 and Apple is no longer supporting iOS 6 and prior. Will you be on Android or Windows Phone by then?

 

[C DM]

Of course they want everyone possible on the new software. If only for the whole activation lock thing

Does that (having more or less people use Activation Lock) really help or hurt Apple in anyway?

----------

I guess I don't get why trying to get people on the latest OS is a bad thing. But if this is so serious wouldn't Apple send notification to iOS 6 users recommending they update their software?

When the latest OS might not perform that well perhaps, could be one reason.

And as is the case with any update, a notification gets pushed out to the Settings app.

 

[KUguardgrl13]

Did anybody else not get a notification to update their iDevice? The only reason I knew to update was seeing it here.

Also annoyed that I can't use my Mac at school for anything outside of Chrome. Students and guests use the same network

Any advice about talking to parents about updating their devices? They still have iOS 6 on a 4S, an iPad 2, and an iPad 4th gen. Not even sure if they're running the latest versions. Although for once it's good that their 2010 MBP is still on SL.

 

[SusanK]

So what happens when we're on iOS 8 or 9 and Apple is no longer supporting iOS 6 and prior. Will you be on Android or Windows Phone by then?

Hi,

I don't use an iPhone. Never did. I can't really decide on iOS 8 or iOS 9 until it is available. I haven't ruled out Android for a tablet. Just can't say. This SSL bug is unfortunate. Would be very decent of Apple to make the patch available to anyone still on iOS 6. They can do it if they wish to.

I looked at a few Android tablets and my initial impression was favorable. A few months ago a friend's husband bought one on an impulse from a shopping channel. My friend asked me to help them set it up. Hardware was faulty but the software was not bad. I played with it for a short time and then suggested they return due to the hardware.

I have been an Apple user for a long time. Too early to tell if there will be changes.

I do need Windows from time to time for email. Mail threads email together by subject. Several senders are on one thread by coincidence. If I need to forward one item to an unrelated party the entire thread is sent by Mail. I use Win 7 to send the one item only. No, Microsoft does not get crazy that I am not using Win 8. I think they are supporting my XP notebook for a few more weeks.

Thanks for asking. I didn't expect to be in this position as I have a Mac running System 7 and two Macs running Panther. This is a little new for me.

Have a good evening!

----------

I guess I don't get why trying to get people on the latest OS is a bad thing. But if this is so serious wouldn't Apple send notification to iOS 6 users recommending they update their software?

Your idea makes sense but no it didn't happen that way for me. Previous updates of iOS 7 have already been pushed to the iDevice. No special notification of the SSL bug. I learned about it on Fidelity's website on Friday.

 

[C DM]

Hi,

I don't use an iPhone. Never did. I can't really decide on iOS 8 or iOS 9 until it is available. I haven't ruled out Android for a tablet. Just can't say. This SSL bug is unfortunate. Would be very decent of Apple to make the patch available to anyone still on iOS 6. They can do it if they wish to.

I looked at a few Android tablets and my initial impression was favorable. A few months ago a friend's husband bought one on an impulse from a shopping channel. My friend asked me to help them set it up. Hardware was faulty but the software was not bad. I played with it for a short time and then suggested they return due to the hardware.

I have been an Apple user for a long time. Too early to tell if there will be changes.

I do need Windows from time to time for email. Mail threads email together by subject. Several senders are on one thread by coincidence. If I need to forward one item to an unrelated party the entire thread is sent by Mail. I use Win 7 to send the one item only. No, Microsoft does not get crazy that I am not using Win 8. I think they are supporting my XP notebook for a few more weeks.

Thanks for asking. I didn't expect to be in this position as I have a Mac running System 7 and two Macs running Panther. This is a little new for me.

Have a good evening!

----------



Your idea makes sense but no it didn't happen that way for me. Previous updates of iOS 7 have already been pushed to the iDevice. No special notification of the SSL bug. I learned about it on Fidelity's website on Friday.

Well, there's the badge on the Settings app icon, right?

 

[SusanK]

My wife's 4s, which still has iOS 5 on it (she did not want it changed) is fine and doesn't exhibit the flaw.

I have an iPod Touch running OS 5.1.1. That one will be with me when I leave the house.

----------

Well, there's the badge on the Settings app icon, right?

Yes, A few months ago I neglected to turn off WiFi before connecting to AC. iOS 7.x was pushed to the device.

Apple has done absolutely nothing to notify users that there is a critical security bug or that 6.1.6 is available for some but not all devices running iOS 6.

 

[C DM]

I have an iPod Touch running OS 5.1.1. That one will be with me when I leave the house.

----------



Yes, A few months ago I neglected to turn off WiFi before connecting to AC. iOS 7.x was pushed to the device.

Apple has done absolutely nothing to notify users that there is a critical security bug or that 6.1.6 is available for some but not all devices running iOS 6.

Well the badge indicator on the Settings app would essentially be that notification, that a new update is available for the device.

 

[rablat]

READ: Introduced in 10.9. I tested my Safari (running 10.8.5), and it's fine. Yet another Mavericks bug I'll go laugh at my friend who thinks that Mavericks was a worthwhile upgrade.

And we'll laugh at you for thinking it's not. It will be fixed. You think ML didn't have bugs? Think again.

 

[Rogifan]

Your idea makes sense but no it didn't happen that way for me. Previous updates of iOS 7 have already been pushed to the iDevice. No special notification of the SSL bug. I learned about it on Fidelity's website on Friday.

I would assume Apple knows what software devices are running so for those devices that haven't updated their software why wouldn't Apple send some sort of notification that they should update their device? Especially if the theory is they want to push as many holdouts to iOS 7 as possible. My sister has an iPhone 5 running iOS 6 and I know she has no clue about this issue and would ignore the little red notification on the settings app as she specifically has chosen not to update her software.

 

[GregAndonian]

Wow, this sounds scary. Makes me glad I'M using WINDOWS!

 

[NeverAssumeNorm]

And we'll laugh at you for thinking it's not. It will be fixed. You think ML didn't have bugs? Think again.

I tried Mavericks, and all the ML bugs are still there and then some. You've been exposing your Mac to man-in-the-middle attacks up until… oh yeah it's not even patched yet… by running 10.9. The users patiently waiting on Mountain Lion can then just update to Mavericks once these things are patched. There is absolutely zero advantage in updating early.