iOS 7.0.6 update patched a major SSL bug, OS X still vulnerable

Feb 22, 2014


When we told you that Apple had released iOS 7.0.6 to the public yesterday, all we really knew about the update was that it fixed an SSL connection verification issue. We didn’t know it at the time, but it turns out that this was actually a major security flaw in iOS 7.

In a support document, Apple noted that the patch repaired a specific vulnerability that could allow an attacker with a “privileged network position” to capture or modify data protected by SSL/TLS. In other words, iOS was vulnerable to a ‘man-in-the-middle attack.’

For those unfamiliar with the term, a man-in-the-middle attack is one in which a malicious program poses as a trusted website to intercept communications or inject malware. It can be used to steal sensitive information such as usernames, passwords and even credit card numbers.

Here’s the text from Apple’s support document:

iOS 7.0.6

Data Security

Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

CVE-ID

CVE-2014-1266

Google software engineer Adam Langley breaks it down:

“Note the two goto fail lines in a row. The first one is correctly bound to the if statement but the second, despite the indentation, isn’t conditional at all. The code will always jump to the end from that second goto, err will contain a successful value because the SHA1 update operation was successful and so the signature verification will never fail.

This signature verification is checking the signature in a ServerKeyExchange message. This is used in DHE and ECDHE ciphersuites to communicate the ephemeral key for the connection. The server is saying “here’s the ephemeral key and here’s a signature, from my certificate, so you know that it’s from me”. Now, if the link between the ephemeral key and the certificate chain is broken, then everything falls apart. It’s possible to send a correct certificate chain to the client, but sign the handshake with the wrong private key, or not sign it at all! There’s no proof that the server possesses the private key matching the public key in its certificate.

Since this is in SecureTransport, it affects iOS from some point prior to 7.0.6 (I confirmed on 7.0.4) and also OS X (confirmed on 10.9.1).”
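The failure mode Langley describes, as an added example that is not Apple's code and not part of the original article: a simplified C model of a verification routine with a duplicated `goto fail`, next to the same routine with braces. The toy hash, the toy signature check and every function name here are assumptions made for the demonstration.

```c
#include <stdio.h>

/* Constructed stand-ins for illustration; none of this is Secure Transport's API. */
typedef struct { unsigned long state; } hash_ctx;

/* Toy hash update. Returns 0 on success, like the SHA1 update in the quote. */
static int hash_update(hash_ctx *c, const char *data) {
    for (; *data; data++)
        c->state = c->state * 31 + (unsigned char)*data;
    return 0;
}

/* Toy signature check: valid only if the "signature" equals the hash state. */
static int sig_verify(const hash_ctx *c, unsigned long sig) {
    return c->state == sig ? 0 : -1;
}

/* What an honest server would send for these handshake values. */
unsigned long honest_signature(const char *cr, const char *sr, const char *params) {
    hash_ctx c = {0};
    hash_update(&c, cr);
    hash_update(&c, sr);
    hash_update(&c, params);
    return c.state;
}

/* Buggy shape: the second goto is indented like the first but is unconditional. */
int verify_buggy(const char *cr, const char *sr, const char *params, unsigned long sig) {
    int err;
    hash_ctx c = {0};
    if ((err = hash_update(&c, cr)) != 0)
        goto fail;
    if ((err = hash_update(&c, sr)) != 0)
        goto fail;
        goto fail;              /* always taken; err is 0 from the update above */
    if ((err = hash_update(&c, params)) != 0)
        goto fail;
    err = sig_verify(&c, sig);  /* never reached */
fail:
    return err;                 /* 0 tells the caller "signature OK" */
}

/* Same logic with braces on every branch and no stray goto. */
int verify_fixed(const char *cr, const char *sr, const char *params, unsigned long sig) {
    int err;
    hash_ctx c = {0};
    if ((err = hash_update(&c, cr)) != 0) { goto fail; }
    if ((err = hash_update(&c, sr)) != 0) { goto fail; }
    if ((err = hash_update(&c, params)) != 0) { goto fail; }
    err = sig_verify(&c, sig);
fail:
    return err;
}

int main(void) {
    const char *cr = "client-random", *sr = "server-random", *p = "ephemeral-key";
    unsigned long good = honest_signature(cr, sr, p), forged = good ^ 1UL;
    printf("buggy: good=%d forged=%d\n",
           verify_buggy(cr, sr, p, good), verify_buggy(cr, sr, p, forged));
    printf("fixed: good=%d forged=%d\n",
           verify_fixed(cr, sr, p, good), verify_fixed(cr, sr, p, forged));
    return 0;
}
```

Compiling this with `gcc -Wall` (GCC 6 or later) reports the stray goto through `-Wmisleading-indentation`, which is one way to catch this class of mistake in review or CI.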

So how bad is it? Evad3rs hacker pod2g says everyone should update ASAP:

Yeah, the security of iOS < 7.0.6 is now so bad that I advise everyone to update quick.

— pod2g (@pod2g) February 22, 2014

One of the worst days for Apple. Today we know that HTTPS hasn’t protected our credentials and privacy for 1 year, maybe more on OSX and iOS
— pod2g (@pod2g) February 22, 2014

People on public wifi networks (Sochi?), please just don’t use your iOS device if it’s not updated to iOS 7.0.6. Don’t use your Mac Book.
— pod2g (@pod2g) February 22, 2014

Langley and others believe that the issue has been resolved in iOS 7.0.6, so you should update as soon as possible—don’t worry, it’s still jailbreakable. But keep in mind that since Apple just discovered this vulnerability, the flaw is exploitable in all current iOS 7.1 betas.

Also, the bug has not been patched in OS X yet, but Apple has told Reuters that it’s aware of it and is working on a fix.

Wow, what a strange, major security breach for Apple’s otherwise-secure operating systems. It’s a good thing there are folks looking out for this kind of stuff.

  • :/

    I’m not the only 1 this happened to, right?

    • http://www.iDownloadBlog.com Sebastien

      It was just a temporary hiccup at our hosting company. Everything should be back to normal

    • Bill Do

      It’s not the first time this has happened.

      • http://www.iDownloadBlog.com Sebastien

        Right. No website or web service is up 100% of the time. That applies to us too.

      • Kenrick Fernandes

        but ya’ll changed the design for the mobile :( I preferred the older one.

      • Kamal Ahmad

        The current one is better. You just probably find it strange since you’ve been using the old one

      • Overte

        What? Dude. No way. This one is much nicer. It’s so much cleaner and therefore loads faster also when you scroll down before the page is fully loaded it doesn’t forcescroll back to the top like it did with the old one which was so annoying.

      • Kenrick Fernandes

        i guess you’re right. but i always liked the jump to comments feature. can’t see that anymore. miss that :(

      • NaSty

        The only reason why I liked the older design is that the Disqus comments lag when scrolling with the new design

      • Antzboogie

        Where is the jump to comments feature?? It was in old layout.

  • asdfasdf

    Lots of websites were down too. (iDownloadblog, cultofmac, some others too) What is happening?

  • Jacky Mark

    What happens if we update to iOS 7.0.6 if I’m already jailbroken on 7.0.4, will i lose my data?

    • Rafd08 ☫

      Jailbreak data, yes. But don’t OTA update as you’ll have problems while jailbreaking again.

      • Jacky Mark

        Jailbreak data meaning like my tweaks? I can directly update using itunes, and all my data will still be there right? Except my jailbreak of course. So that means I will have to jailbreak it again?

      • Guest

        dont … if u are jailbroken and u try to update from itunes u will b stuck on apple logo and all data will b lost so backup your data and restore the device and than restore backup and re jailbreak >..<

      • Brian Brown

        i updated from a jailbroken 5s running 7.0.4 to 7.0.6 and when i opened evasi0n, it said my device is already jailbroken and recommends not to re jailbreak…

      • saulobenigno

        Happened to me too, but press to jailbreak anyway, don’t worry about the message.

        It worked.

      • Jasmeet Singh

        dont …. if you are jailbroken and u try to update itunes will give u error and u will stuck on recovery or apple logo so backup your device than restore it not update than restore backup >.<

      • Mike

        Correct. Updating to 7.0.6 will wipe all jailbreak data. However, I advise that before you update to 7.0.6, download a package from Cydia called “Openbackup”. This backs up most (if not all) of your tweaks installed. Instructions on how to do this are included in the application itself, so no worries there.

      • Rowan09

        Use Openbackup to store your jailbreak tweaks.

      • Ankit

        Does it work for iOS 7 though?

      • Rowan09

        It didn’t work for me.

      • Ankit

        Same. Pissed

      • Mike

        Worked for me. Not visually optimized for iOS 7 but it still works.

      • Ankit

        Can you list out the steps you took for it to work?

      • Mike

        1. Open up the app and tap “Backup”. After that’s done, tap “Download”.

        2. After restoring and jailbreaking your device, reinstall OpenBackup.

        3. For the “Restore” function to work you’ll need an internet connection. When the restore is complete, tap “Install”. That’s it!

      • sorrento

        Hi, I did update to ios7.0.6 via iTunes, no OTA, but only by clicking on update with Shift to download the firmware from my PC and I got the same issue with Evasi0n. It says: my device is already jailbroken and jailbreak it again ain’t recommended.

        Any idea what to do ?

      • sorrento

        Ok, I found what was the issue:
        DO NOT update but restore !!!
        and an easy and faster one to do is always STILL HOLD SHIFT before to restore so you’ll be able to go through your PC files to find the 7.0.6 firmware you previously downloaded then the updating will be much faster.
        Hope that I’ve helped some here ;)

      • Rafd08 ☫

        It’ll work both ways, if you just pressed jailbreak it’d still have worked. Even pimskeks said something about it.

      • sorrento

        I didn’t see it… Ok.

  • Ryan W

    this better be an iPhone only update

    D:

    • Quinten Janssen

      why is that? don’t you want your ipad to be safe?

  • saulobenigno

    I don’t use a lot of secure things on my iPhone (banks, credit card, etc..), is it really necessary to upgrade? Should I wait for a final 7.1 version and use it?

    Isn’t it better than do all the jailbreak stuff again now?

    • saulobenigno

      I mean, what I will lose if I don’t upgrade to 7.0.6? And what I will win? :)

      • ✪ aidan harris ✪

        What will you lose? Potentially any data that is being transmitted over a network (this is surprisingly a lot of data)

        What will you gain? Security and a fresh version of iOS should anything be acting sluggish (which if you’re jailbroken happens from time to time)…

    • Mike

      Same here. I consider myself as a average iPhone user with no personal data other than contacts, etc. I updated to 7.0.6 anyways though, because it’s not everyday pod2g advises everyone to update. The process itself to put my iPhone back into its jailbroken state wasn’t a nuisance either. Openbackup in cydia should do the trick, should you choose to update.

    • Steve R.

      Since 7.1 breaks the Evasi0n jailbreak, 7.0.6 may be one of the last security updates your phone receives. Therefore, I’d say to go through the hassle of backing up your iPhone, downloading 7.0.6, and then jailbreaking 7.0.6. for peace of mind.

      • saulobenigno

        Going to do that tonight, thank you guys. I’m going to try OpenBackup

      • saulobenigno

        Amazing, finished updating, used OpenBackup and everything is where it belongs, I just to test some more, but everything is perfect :)

      • Kenrick Fernandes

        were you left with a fresh OS ? I mean im pretty sure you didn’t backup. You used it as a clean OS, installed cydia and reinstalled all your apps manually right?

      • saulobenigno

        No, I backuped everything in iTunes, so everything is back. No fresh OS.

      • Kenrick Fernandes

        why would you do that. That’s bringing all the junk from the previous OS to this one. By junk i mean all the rubbish left from the previous OS and Cydia to new 7.06

      • Ankit

        Did it work?

      • saulobenigno

        Yes, everything is good for me :)

      • Ankit

        what steps did you use in order to get it to work? Tried it on one of my phones and didn’t work..

      • Saulo Benigno

        I did that:

        1) Install OpenBackup
        2) Click backup on it
        3) After on iTunes, press to backup
        4) On iTunes press to update on itunes.
        5) After updating and restored run evasion and press to jailbreak even if it says that it’s already jailbroke

        6) Install OpenBackup on Cydia, click Restore
        7) Reboot the device

        That’s it, easy ;)

  • Lance Baker

    So we should only worry if we use public wifi? Because I never do. Can these attacks happen over cellular networks as well?

    • Chris

      In theory yes but typical carriers run through secured frequencies which should authenticate our devices using our sim cards to ensure the data is being sent and received from the same device

      • Lance Baker

        Well, I really don’t want to update. Would actually be a downgrade for me. I’m on 7.1 beta 3 and it’s jailbroken. Can’t imagine going back to 7.0.x. THAT software behaves more like a beta.

      • Chris

        I would imagine Apple is going to release a patch for the 7.1.x BETA within the next couple of days if they already haven’t

      • Lance Baker

        But anything past beta 3 isn’t jailbreakable.

      • Chris

        That’s going to be your million dollar question then, do you go back to iOS 7.0.6 with full SSL security or hold on with a vulnerable device waiting for the word if iOS 7.1.x BETA can be jailbroken

      • Lance Baker

        There could also be the possibility of a cydia package fixing this problem. I just don’t know what to do. I’m torn.

      • Chris

        Maybe, but it wouldn’t tie into the core files which means it would be a patch on top of broken security which is worse as the patch could introduce more security issues

  • Tobias9413

    I feel that apple may have left the jailbreak vulnerable on 7.0.6 because although they don’t really like what we do, they acknowledge us and we are after all their customers and want to keep us happy

  • Ian

    is anyone else having trouble downloading the firmware from itunes and iDB

    • Mike

      Well the links from iDB and iTunes are the exact same link. If you’re having trouble downloading through either one then it must mean a lot of people are downloading the link/updating their device.

      • Ian

        ok thanks

  • Jeremy

    Wait so I do want to update to 7.0.6 but how would I be able to backup my device with all the jailbreak data? Last time I tried with pkgbackup it didn’t work and I had to manually reinstall everything I had on my iPhone :/

    • Steve R.

      Today I used OpenBackup(free in Cydia) and all you have to do is click the “Backup” button, wait for it to finish and also have your iPhone backed up. Once you install 7.0.6, jailbreak your phone again, only download OpenBackup and then click the “Restore” button and you’ll have all of your Cydia tweaks and apps back to normal. I just used it about an hour ago and it worked great and relatively fast.

      • Mike

        I second this. Openbackup worked great for me. Didn’t install 2 or 3 tweaks for some reason but it did install the other 27 lol so I’m content.

      • Jeremy

        Thanks so much! I’ll make sure to try it out :)
        Wait but does this support iPhone 5s and 64-bit devices?

      • Steve R.

        It should work normally, although I used an iPhone 5.

  • Maggot Overlord

    I’m the only one who thinks “Winocm”?

    • Clark Wallace

      Me too, this is not coincidental.

  • ✪ aidan harris ✪

    So OS X is still vulnerable. Hmm should I reboot right now into Windows 8 (and stay there) then…

    • Chris

      It makes sense if Safari is the only browser but you’re forgetting the app store runs through SSL along with iCloud and other services so you’re in theory not fully protected

      • ✪ aidan harris ✪

        I never thought about that. I guess We’ll just have to hope that Apple releases a quick fix. Apparently i0n1c has released a patch for this vulnerability…

      • Chris

        I typically wouldn’t trust a patch from an unverified source, and yes, lets hope Apple gets a patch out soon as until then I’m leaving my Macbook lid closed

      • Michael Hulet

        i0n1c isn’t exactly an “unverified source”. He’s contributed a lot to the jailbreak community, and even personally wrote the code for the iOS 4.3.x Redsn0w/PwnageTool untether

      • Chris

        Writing code for system extensions doesn’t make you a verified source for OS patches, they should only ever come from the developers who work on uncompiled source

      • WolfgangHoltz

        And see what happens when you trust Apple.
        Apple maybe should focus more on security first and not on designing new icons and UI.

      • Chris

        They always focus on security but it appears that they and the community just forgot to test this one vital component of the operating system.

        While it did take Apple one year to acknowledge the issue the security experts within the community didn’t spot it either so the blame can go both ways from Apples perspective.

      • WolfgangHoltz

        What products have the “community” put on the market then? that have this fault?
        My concern is my Apple iDevices and don’t know what “community” you referring and what connection they have with Apple.

      • Chris

        I said “security experts within the community”, you implied something different, Apple has had a huge community of followers around security, you will hear from time-to-time that a security researcher for iOS has found a bug which Apple haven’t.

        These researchers or experts if you will also help to find these types of issues but both they and Apple didn’t so my comment was referring to the fact that no single person can be blamed as both sides didn’t test the SSL layer.

        The fact remains true that yes it took a long time to find this issue but Apple did eventually find it first which is why I suggested the security community could be blamed as well as these are the types of regression tests should be carried out periodically by both parties.

      • Sam Khan

        i would never take any patch from i0n1c, that guy is a big Troll.

      • Maxim∑

        he is very arrogant too, I would just wait for Apple. Im sure they are rushing to release it. Mac security updates are usually a lot more complicated than iOS

    • Jonathan

      Can you install Windows 8 on a Mac now?

      • Michael Hulet

        Yeah. I had the Consumer Preview running in a dual boot for a while, thanks to BootCamp

      • Jonathan

        I thought Apple only allowed Windows 7 installed. Could I install any OS (Windows XP, Ubuntu, etc) if I wanted using BootCamp?

      • Michael Hulet

        They updated it a month or two ago (in 10.9.1, I think) to support installations of Windows 8 & 8.1. It always worked with 8, though. They just marked it as supported recently. And I think you can only install Windows with BootCamp, but there’s a tool called Mac Linux USB Loader that will set up a flash drive that you can use to install most builds of Linux in a dual boot

      • Jonathan

        Awesome, thank you. =)

      • Michael Hulet

        No problem :)

    • Jonathan

      Thanks for the link. Looks like Chrome for iOS is fine. But is any other internet connection not safe, or just Safari. Like, if I log into Paypal through the app, is it safe?

  • Jonathan

    Is it worth reinstalling every tweak? :/

    • Sam Khan

      if security is not a big concern for you then don’t have to.

      • Jonathan

        Well, I don’t want people hacking into my device… so. I guess I’ll update. :P

    • Rowan09

      Download openbackup to backup your tweaks.

      • Jonathan

        Thanks. =)

    • Maxim∑

      Jailbreak alone breaks some security features, this update won’t really change anything if your jailbroken

      • Jonathan

        And, you’re sure?

  • Sam Khan

    Looks like apple also fixed the Find my iPhone bug in 7.0.6.

  • Sam Khan

    i guess we can expect another 7.1 beta on monday

  • Noaaahh

    So, in other words, this is pretty serious and everyone should update to iOS 7.0.6 (?). I feel sorry for jailbreakers who have slow internet and have to download the /whole/ iPSW!

  • Kilo Oneninenine

    Just did a full restore and did an all new jailbreak to iOS 7.0.6 and everything is working smoothly.

  • Rowan09

    I’m very surprised that some hacker didn’t figure out this bug before. People were focused on touch ID hacks, etc and usually find these things out early. Well thank goodness this issue at least appears to now be fixed.

  • Garrett Alkofer

    I’ve updated and re-jailbroken and now I’ve noticed something while staring at my phone in a dark room. Whenever my finger is touching the screen while on I notice a very very faint red light coming from the black circle to the left of the speaker grille. I have never noticed this before until 5 minutes after I update. It’s the proximity sensor, correct? Why is it always on? I don’t have Siri or raise to speak enabled and I even tried disabling auto brightness. Does anyone experience this in a dark room, it’s very faint. And if so, what phone and iOS version are you using? I’m on iPhone 5s iOS 7.0.6

  • kahlil velayo

    just did a clean restore 706, now is jailbroken evasion7, 106. looks good to me. didn’t encounter any problems. happy.

  • 1HARVEN1 .

    can someone port the update to a cydia package ?

  • GaLuburt

    it also enables wifi to be disabled remotely and for the camera feature to be disabled remotely in crowd source events like picture theaters or some public events

  • GaLuburt

    I have iPhone 3g 3gs 4 4s 5 5s 3gs great 4s great 5 great 5s sucks ass.

  • Jamie

    I just added the update and rejailbroke. Used PKGBackup and it worked great. With this app it is no longer a pain to rejailbreak!

  • JinOnyxMusic

    I actually posted this in another topic, but thought that it would be more appropriate to post it here.

    I was wondering, is it still necessary to upgrade and jailbreak again because of this SSL bug fix? Ryan Petrich released a patch on his repo. I’m on 7.0.4. Is upgrading to 7.0.6 a good idea after this release from Ryan Petrich?

  • Fevostone

    There is a patch for this in cydia people

    • Chris

      Patches for security issues like this aren’t good, it’s better to upgrade to a version that has the fix built in

  • TotallySerious

    My jailbroken iphone 5s (ios 7.0.4) is stuck at the checking for update screen :( How do I update to ios 7.0.6 now? Any help is appreciated, thx

    • Chris

      Updates OTA are disabled by default when you jailbreak, to upgrade backup your data to either iTunes or iCloud then restore your device which removes jailbreak from the file system.

      Once done restore all your device data then jailbreak again.

  • http://www.iphoneglance.com iphoneglance

    Oh my, this is really bad Apple. If Steve was around this shit could not have happened.

  • Jerry

    You don’t need to update. Just download the SSL patch from cydia

  • Onehard

    Ok so i updated my 4s without using itunes…i did it directly from my phone…and currently i updated using my itunes to 7.0.6…..will i still suffer the boot logo error when i jailbreak?