
Apple Releases iOS 7.0.6 to Fix Flaw That Fails to Check Authenticity in Web Communications

Sat February 22 2014 10:10 am

Apple rushed the release of iOS 7.0.6 Friday with a patch to attempt to fix a disgracefully overlooked SSL encryption issue that leaves Apple iPhone, iPad and Mac computer users (using Mac OS X 10.9.1) open to a man-in-the-middle (MITM) attack. Apparently, the Apple iOS does not check to make sure that the “common name” record in the SSL certificate sent by the server matches the hostname used to connect to the server’s IP address, thereby allowing a man-in-the-middle attack to defraud the system.

A man-in-the-middle attack seamlessly intercepts communication, such as unencrypted passwords, between yourself and your intended recipient or website. According to the Open Web Application Security Project (OWASP), “the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.”

SSL and TLS are used worldwide to prevent eavesdroppers from snooping on network traffic while communicating with sensitive services, such as banking and shopping websites and email servers. SSL and TLS only work if the other end of the connection can be verified and trusted. Security experts always instruct users to make sure the sensitive service always presents https instead of http in the web address. With the middle man intercepting traffic, https is meaningless.

The vulnerability allows anyone with a certificate signed by a “trusted CA” to do a man-in-the-middle (MITM) attack.
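
An added example, not code from Apple or from this article: the hostname check described above, written out to show why a certificate that chains to a trusted CA must still be rejected when its name does not match the host the client dialed. The certificate dictionaries and hostnames are constructed samples, and the wildcard rule used (left-most label only) is an assumption based on common practice.

```python
# Added illustration of the hostname check the article says was missing.
# Certificate dicts are constructed samples in the shape returned by Python's
# ssl.SSLSocket.getpeercert(); every hostname here is hypothetical.

def name_matches(pattern, hostname):
    """Compare one certificate name against the hostname the client dialed."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard never spans several labels
    # A wildcard must be the entire left-most label and be followed by at
    # least two literal labels, so "*.example" style names are refused.
    if "*" in p[0] and (p[0] != "*" or len(p) < 3):
        return False
    if any("*" in label for label in p[1:]):
        return False
    return all(a == "*" or a == b for a, b in zip(p, h))

def cert_names(cert):
    """DNS subjectAltNames if present, otherwise fall back to the common name."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def verify_peer(cert, chain_trusted, hostname, check_hostname=True):
    """Accept the peer only if the chain is trusted AND a name matches."""
    if not chain_trusted:
        return False
    if not check_hostname:                # the behaviour the article describes
        return True
    return any(name_matches(n, hostname) for n in cert_names(cert))

# Constructed samples: assume both certificates chain to a trusted CA.
BANK_CERT = {
    "subject": ((("commonName", "www.bank.example"),),),
    "subjectAltName": (("DNS", "www.bank.example"), ("DNS", "*.bank.example")),
}
OTHER_CERT = {"subject": ((("commonName", "www.unrelated.example"),),)}

if __name__ == "__main__":
    for cert in (BANK_CERT, OTHER_CERT):
        print(cert_names(cert), verify_peer(cert, True, "www.bank.example"))
```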

A new version of Apple’s iOS for its tablets and phones was rushed out the door Friday to patch a vulnerability with its mobile, tablet and desktop software, which is not doing SSL/TLS hostname checking. Communications meant to be encrypted are NOT encrypted.

The patch has only been issued for the more recent iPhones (iPhone 4 and later), iPod touch (5th generation) and iPad (2).

Unfortunately, the official website front page does not warn users of this serious security flaw, and Apple has not released a statement on when to expect this patch, nor what version range of iPhone, iPad, iPod Touch or Mac computer is affected by the major flaw. Apple’s security page does not offer a simple step plan for users. It is mostly loaded with confusing technical information and disclaimers about security notifications, security disclosures, and third-party. And to make matters worse, Apple’s security announcement list, linked from its main security page “Apple Product Security,” is NOT updated. The latest listing on Saturday, February 22, 2014 at 9:20 a.m. is dated November 14, 2013.

Apple Mailing List

APPLE-SA-2013-11-14-1 iOS 7.0.4

Subject: APPLE-SA-2013-11-14-1 iOS 7.0.4
From: Apple Product Security
Date: Thu, 14 Nov 2013 10:45:29 -0800

Security researchers across several communities believe that Mac computers with OS X Mavericks, released October 22, 2013, are even more at risk, as they are currently left operating without a patch. The security flaw involves a different issue, which is also present in the iOS version, but apparently has not been addressed yet.

Update your Apple devices and systems as soon as possible to the latest available versions, unless you’re using a Mac OS X system before Mavericks (10.9.1).

DO NOT use untrusted networks (especially Wi-Fi) while traveling or on a public Wi-Fi network.

Update the patch, make purchases, or perform other sensitive operations only while operating on a trusted network.

To be extra safe, and definitely while operating unpatched mobile devices, TURN OFF the “Ask to Join Networks” setting.

Past Security Flaws with iOS

Embarrassingly, thieves could turn off “Find My iPhone” by turning on Airplane Mode.

In September 2013 Apple released a fix that prevented offenders from using a sequence of actions that could defeat the Lock screen passcode.

An offender could cause an iOS 7 iPhone to restart if the emergency call button was tapped repeatedly, and eventually dial regular non-emergency numbers. While the lock screen was restarting, the call dialer displayed and allowed non-emergency numbers to be dialed.


Where background Wikipedia info/photos are used, original work is modified and released under CC-BY-SA.
