Update your iThings: Apple splats SSL snooping bug in iOS 6,
Posted: Sat Feb 22, 2014 3:13 pm
http://www.theregister.co.uk/2014/02/21 ... erability/Apple has issued updates for its mobile operating system iOS to patch a bug that blew apart the integrity of encrypted connections in the right conditions.
Versions 7.0.6 and 6.1.6, available now for download, fixes a vulnerability that could allow "an attacker with a privileged network position" to "capture or modify data in sessions protected by SSL/TLS," according to the Cupertino corp. This is due to the Secure Transport component of the operating system failing to validate "the authenticity of the connection," suggesting some sort of failure to verify the certificate or identity of whatever system a vulnerable iDevice was connected to.