Brad Garnett

Welcome to my Digital Forensics and Incident Response oasis!

Digital Forensics, Incident Response, and Information Security

Apple releases iOS 7.0.6 CVE-2014-1266

On Friday, Apple released iOS 7.0.6 to fix a major SSL security vulnerability where a hacker could initiate a man-in-the-middle (MITM) attack and intercept SSL communications between an iOS device and its endpoint communication with another device or website. 

iOS7.png

Updates are available:

  • iOS 6.1.6 for iPhone 3GS and iPod touch 4th generation.
  • iOS 7.0.6 for iPhone 4 and later, iPod touch 5th generation, and iPad 2 and later.
  • Apple TV 6.0.2 for Apple TV 2nd generation and later.

According to Apple, an attacker with a privileged network position may capture or modify in sessions protected by SSL/TLS

 

iOS706PNG