[apple-iphone] Apple Security Flaw

It is not good etiquette to cross post across multiple lists. It is hard for others to follow the thread and will become confusing for the cross-poster.

>>> Not to mention that any replies go to the "Reply to" e-ddress in the headers and not to the "To" you type in. I replied to Richard's post and it ended up at iomug instead of the other list I put in the  "To" line. I had to cut and paste the body into a new email to get it to apple-iphone list.

If you are current on the updates for your iDevice, you have the best protection available. You are not using the latest version on your iDevices.

Apple did just release two updates with security updates in them. They released iOS 6.1.6 and iOS 7.0.6.

I do not know if you can install iOS 6.1.6 on your devices. Apple may not make them available to devices it wants to be running iOS 7. 

For those that did not see the prior iomug posts, Apple made iOS 6.1.6 available for the iPhone 3GS, iPod touch (4th generation). It does not mention the devices Richard has. While I agree iOS 6 is easier to read, you will be more secure with the current iOS version Apple suggests.

How much longer Apple will issue security updates for iOS 6 is yet to be seen. They did not offer anything past 6.1.3 for my iPhone 3GS, and now they are jumping to 6.1.6.

Brent

On Feb 22, 2014, at 1:36 PM, Richard E Johnson, MD wrote:

     I can't say I know much about security. I have an iPhone 4 with iOS 6.1.2 and an iPad 4 with 6.1.3. For the moment, I actually prefer the graphics of iOS 6 to 7, which is available for both. Are there any current security concerns that would argue strongly to upgrade to iOS 7 on either device? 

Thanks,

Dick Johnson

-------------------------------------------------

Richard E Johnson, ScM, MD, DABA

RECMSOJ@OnlineOK.com

recmsoj1@icloud.com

On Feb 22, 2014, at 1:21 PM, Al Varnell <alvarnell@mac.com> wrote:

 

On Sat, Feb 22, 2014 at 09:37 AM, William Lane wrote:
> Sent via iOS
>> On Feb 22, 2014, at 9:35, Fabian Fang <ftfang@gmail.com> wrote:
>> 
>> <http://www.reuters.com/article/2014/02/22/us-apple-flaw-idUSBREA1L01Y20140222>
>> 
>> and numerous other news reports

> From the article....
> 
> Apple released software patches and an update for the current version of iOS for iPhone 4 and later, 5th-generation iPod touches, and iPad 2 and later.

About the security content of iOS 7.0.6
<http://support.apple.com/kb/HT6147>.

About the security content of iOS 6.1.6
<http://support.apple.com/kb/HT6146>.

About the security content of Apple TV 6.0.2
<http://support.apple.com/kb/HT6148>.

==============

Impact: An attacker with a privileged network position may capture
or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of
the connection. This issue was addressed by restoring missing
validation steps.
CVE-ID
CVE-2014-1266

-Al-
-- 
Al Varnell
Mountain View, CA

-- 
Please ensure that you include your hardware and OS information when posting to the list. Providing that information in a signature will help others to help you.
--- 
You received this message because you are subscribed to the Google Groups "OSX Discussion List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to osxlist-discussion-list+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.