DPChallenge: A Digital Photography Contest You are not logged in. (log in or register
 

DPChallenge Forums >> Hardware and Software >> iOS 7.0.6 Crucial SSL security fix
Pages:  
Showing posts 1 - 25 of 28, (reverse)
AuthorThread
 02/22/2014 09:30:45 AM · #1
Alert! iOS 7.0.6 contains an important security fix. More important than normal. Git Er Done!!

You should update your iPhones and iPads to iOS 7.0.6 for a crucial SSL security fix
 02/22/2014 09:52:05 AM · #2
Did it! Thanks Richard!
 02/22/2014 10:55:50 AM · #3
"This update requires wifi connection to install."

Damn.
 02/22/2014 11:08:30 AM · #4
Originally posted by Ann:
"This update requires wifi connection to install."

Damn.

35.5MB in size on an iPhone 5s
 02/22/2014 11:28:39 AM · #5
i thought mac products were immune to this stuff?
 02/22/2014 11:38:48 AM · #6
Originally posted by Mike:
i thought mac products were immune to this stuff?

Whoa! I never said that. I do appreciate the prompt security fix from Apple.
 02/22/2014 11:39:17 AM · #7
not really
 02/22/2014 04:54:33 PM · #8
Originally posted by hahn23:
Originally posted by Ann:
"This update requires wifi connection to install."

Damn.

35.5MB in size on an iPhone 5s


No, really. That's the message I got. It won't download without wifi, and I'm away from wifi for several days.
 02/23/2014 12:22:44 PM · #9
So, after one installs iOS 7.0.6 Crucial SSL security fix on iPhone, iPad and AppleTV, then the question is whether one's other Mac devices are okay, especially the browsers.

A couple test sites:

https://gotofail.com/

https://www.howsmyssl.com/

Bottom line for me is I will switch to exclusive use of Chrome browser until Safari is patched.

Message edited by author 2014-02-23 12:23:30.
 02/25/2014 07:36:36 AM · #10
//gizmodo.com/why-apples-huge-security-flaw-is-so-scary-1529041062/@whitsongordon
 02/25/2014 07:43:03 AM · #11
isn't this security issue only a problem on public networks? if you are on a secure wifi or even using data, are you really at risk of this exploit?
 02/25/2014 10:09:45 AM · #12
Originally posted by Mike:
isn't this security issue only a problem on public networks? if you are on a secure wifi or even using data, are you really at risk of this exploit?


Theoretically, yes, you're still at risk. However, it's only "easy" on public wifi. Personally, I just stayed off public wifi until I got it fixed. But I avoid public wifi anyway.
 02/25/2014 12:10:39 PM · #13
Best way is to avoid the Internet altogether. I never connect. I type all my correspondence on a typewriter and post it to my solicitor for action on a daily basis.

Typing usernames/passwords takes 2-3 days of correspondence.
 02/25/2014 12:32:54 PM · #14
Originally posted by hahn23:
So, after one installs iOS 7.0.6 Crucial SSL security fix on iPhone, iPad and AppleTV, then the question is whether one's other Mac devices are okay, especially the browsers.



It would appear not ! "Users of Apple's OS X operating system are being warned to take care when browsing online as they wait for a solution to a security flaw."
> Apple users in security warning


02/25/2014 12:52:11 PM · #15
The SSL fix is part of OS X 10.9.2, which was already nearing release. I suspect the delay is just a matter of final bug testing on the larger update and will be released this week if not later today. Any longer and they would have issued a separate patch. If older OS versions are vulnerable, they'll likely release a patch for Snow Leopard and up at the same time (no sense in fixing the older stuff now while the current version is unpatched).
 02/25/2014 01:04:33 PM · #16
While we waitâ€Â¦

Chrome and Firefox rely on different implementations of SSL/TLS, meaning that they aren’t subject to the same vulnerability, as it’s in Apple’s code. That means that in the meantime you should be able to safely browse with them instead. Until the vulnerability is fixed, it would be best to do any secure tasks you need on an alternative browser like Chrome or Firefox, or on a patched iOS device.
 02/25/2014 01:10:06 PM · #17
BBC only picked up the story a couple of hours ago.

//www.bbc.co.uk/news/technology-26335701

Not getting much mainstream media coverage, for such a major security hole.
 02/25/2014 02:07:00 PM · #18
//www.forbes.com/sites/andygreenberg/2014/02/25/apple-patches-its-gotofail-security-bug-for-osx-after-four-days-of-heckling/
 02/25/2014 02:12:48 PM · #19
I'm sure it's fine... this is apple and they don't have issues like this remember :-)
 02/25/2014 02:19:17 PM · #20
Originally posted by robs:
I'm sure it's fine... this is apple and they don't have issues like this remember :-)

I'm grateful for the fix, which I'm downloading as I write this.

eta: OSX is all patched and Safari has received same.

Message edited by author 2014-02-25 14:36:34.
 02/25/2014 03:18:23 PM · #21
has anyone had any problems with this update? a friend of mine just bricked her phone after updating...it was an iPhone 5s.
 02/25/2014 03:23:21 PM · #22
Originally posted by Skip:
has anyone had any problems with this update? a friend of mine just bricked her phone after updatingâ€Â¦it was an iPhone 5s.

No problem with my iPhone 5S. All other Apple devices are also running well after updates.

eta: I assume she did not have a "jailbreak" phone.

Message edited by author 2014-02-25 15:25:40.
 02/25/2014 03:35:59 PM · #23
Originally posted by Skip:
has anyone had any problems with this update? a friend of mine just bricked her phone after updating...it was an iPhone 5s.

Mine "died", too. I had to go through the whole factory reset and then restore from previous backup rigmarole.

However, since it was the second time this happened, I talked to Apple and they said since the phone DID restore and is working correctly, the phone is fine (although I couldn't get them to actually check it out) and my computer/iTunes is to blame.

So I'll be uninstalling and reinstalling iTunes and crossing fingers for the next update.
 02/25/2014 03:59:31 PM · #24
Originally posted by scalvert:
The SSL fix is part of OS X 10.9.2... will be released this week if not later today.

Boom... later today. As predicted, they also released patches for the last few OS versions.

Message edited by author 2014-02-25 22:47:25.
 02/25/2014 04:11:46 PM · #25
For those of us stuck on older OS X versions (my Mac Pro can't be upgraded beyond Snow Leopard), I just checked that it's not an issue for at least 10.6 and older, since Apple switched from OpenSSL to their own implementation after that.

Someone posted a way to check too:

"""
you can verify that under that system Safari is using OpenSSL. To do so, simply move /usr/lib/libssl.*.dylib elsewhere and try to run Safari. It will fail due to missing libraries.

On 10.9 Safari will happily run with OpenSSL libraries removed.
"""

Note that of course, more than Safari is affected, but this may be a good way to check if your system and your software is using the OpenSSL implementation.
Pages:  
Current Server Time: 09/06/2025 05:25:00 PM

Please log in or register to post to the forums.


Home - Challenges - Community - League - Photos - Cameras - Lenses - Learn - Help - Terms of Use - Privacy - Top ^
DPChallenge, and website content and design, Copyright © 2001-2025 Challenging Technologies, LLC.
All digital photo copyrights belong to the photographers and may not be used without permission.
Current Server Time: 09/06/2025 05:25:00 PM EDT.