Apple releases iOS 7.0.6 to plug a security hole

iOS 7.0.6Apple released iOS 7.0.6 today, which fixes a security problem with how iDevices handled SSL connection verification. For users who can’t upgrade to iOS 7 because of the age of their hardware, Apple has also released iOS 6.1.6, which fixes the same problem.

It’s a small update, clocking in at 35.4 MB on my iPhone 5S and 13.3 MB on my 4th-generation iPad. That said, it’s still possible for something to go a little bit sideways with one of these updates, so as always, be sure to back up whatever iOS device you’re using before updating.

Still, it’s important that users download this update: having problems with verifying SSL connections could leave people open to attacks through resources that they thought were secure.

To download the update, open up the Settings app, then go to General > Software Update, and tap the “Download and Install” button. To install the update through iTunes, connect the device to your computer using USB, and then click on “Check for updates” in iTunes.

  • balls187

    This hole exists in OS X as well, and any apps that uses Apple’s SecureTransport API to do TLS/SSL negotiation.

    Interestingly enough, Code Review, Static Analysis, or good coding conventions would have prevented this cluster.

  • randonneur

    The update just bricked my original ipad mini. Won’t turn off but neither can I log in. Power button does nothing. Press home button and sometimes comes on and sometimes just remains blank. When it does come on and I swipe to enter code, the screen is blank with no ability to enter code so can’t get to apps. Do not upgrade!