- Mar 24, 2011
- 15,781
- 1,812
Apple has released a critical security update for iPhone and iPad iOS 7 and iOS 6. This urgent update is to fix the critical security vulnerability that exposes your data (including usernames, passwords, and other account credentials at nearly any website or service) to a Man in the Middle (MitM) attack.
[Note: If your iPhone is jailbroken, please see our article How to Install the Apple Security Update on Jailbroken Phones.]
A Man in the Middle attack, as the name suggests, allows a hacker to put themselves in the middle, and to intercept your data.
Moreover, a hacker or criminal could spoof being one of your otherwise trusted websites, stealing your data, and even installing malicious software (such as a keylogger that reports back to them) on your device.
Photo Credit: Martial Régereau / CC-BY-SA-3.0
The reason that millions of iOS devices are at risk right now for a Man in the Middle attack is that, with the latest version of iOS, Apple inadvertantly left out verifying that the host to whom your device is connecting over the SSL connection is an authorized, verified host. (SSL stands for Secure Sockets Layer.) SSL is the thing which confirms that your connection is secure, and which displays the lock symbol at secure websites:
Only, with the security flaw in iOS, you may think you are connecting to a secure site, securely, when, in fact, youre not.
So, what should you do?
You should immediately, and we cannot emphasize this enough, update your iOS devices (also your OS devices, however Apple has not yet released the patch for OS!) with the security patch.
To do this, go to the Settings section of your iOS device (iPhone or iPad):
Select General:
and select Software Update:
theinternetpatrol.com
[Note: If your iPhone is jailbroken, please see our article How to Install the Apple Security Update on Jailbroken Phones.]
A Man in the Middle attack, as the name suggests, allows a hacker to put themselves in the middle, and to intercept your data.
Moreover, a hacker or criminal could spoof being one of your otherwise trusted websites, stealing your data, and even installing malicious software (such as a keylogger that reports back to them) on your device.
Photo Credit: Martial Régereau / CC-BY-SA-3.0
The reason that millions of iOS devices are at risk right now for a Man in the Middle attack is that, with the latest version of iOS, Apple inadvertantly left out verifying that the host to whom your device is connecting over the SSL connection is an authorized, verified host. (SSL stands for Secure Sockets Layer.) SSL is the thing which confirms that your connection is secure, and which displays the lock symbol at secure websites:
Only, with the security flaw in iOS, you may think you are connecting to a secure site, securely, when, in fact, youre not.
So, what should you do?
You should immediately, and we cannot emphasize this enough, update your iOS devices (also your OS devices, however Apple has not yet released the patch for OS!) with the security patch.
To do this, go to the Settings section of your iOS device (iPhone or iPad):
Select General:
and select Software Update:
theinternetpatrol.com