ITS Online

iOS Vulnerability: Please Update

February 24, 2014

Apple has released a software patch for a serious SSL bug in iOS 6 and 7.  This update is available for all compatible iOS devices, please backup your phone and update immediately.

 

The version of iOS on a device can be checked by launching the Settings app, selecting General, and then selecting About. To update, launch the Settings app, select General, select Software Update, and update to iOS 7.0.6 (or 6.1.6 on the iPhone 3GS and 4th Gen iPod Touch).

 

The vulnerability is an apparently errant line in Apple’s “Secure Transport” API that causes signature verification to never fail. This allows unchecked attackers to impersonate “trusted” servers and intercept and decrypt communications at will.

 

The same SSL bug also exists in OS X 10.9 Mavericks, and Apple has promised that a patch is “coming soon”; the patch is expected to be released sometime later this week. OS X 10.8 Mountain Lion and earlier versions of OS X do not seem to have the vulnerability.  If you use OS X 10.9 Mavericks, please use an alternative browser such as Firefox or Chrome for the meantime.

 

For more information, please see this article from Apple Support: http://support.apple.com/kb/HT6147 or email itshelp@law.upenn.edu

Latest News

  • Image preview
    The Center for Computer Assisted Legal Instruction, also known as CALI, provides online interactive tutorials on various legal subjects.  Tutorials are authored by law faculty and peer reviewed by a member of the CALI Editorial Board.  Here is information on how to create an account and access the materials.
  • Image preview
    A new and improved interface for Files will be going live on all Canvas courses on May 11th.