Apple released the IOS 7.0.6 upgrade without much emphasis on its importance, but don’t take that with a grain of salt. It’s important! It fixes a nasty bug that allows an attacker with a privileged network position to capture data protected by SSL/TSL. Sound like jargon? Here’s our suggestion. Update your iPhone right now!
Also, keep in mind that OSX has the same issue and has yet to have a fix rolled out. The bug in question doesn’t allow an app or Safari to authenticate the security of the site/app which makes a user vulnerable to a ‘Man in the Middle’ attack. A ‘Man in the Middle’ attack happens when an attacker intercepts communication between a user’s browser and a website. These attackers can monitor, record, and see anything that happens during these transactions. When you think of online banking and other financial websites, this becomes a very scary “bug”, but they can also see your Facebook conversations, Gmail, and any other site you might be utilizing at the time.
While these attacks are normally remedied by the SSL/TSL of any particular website, this “bug” allows people to bypass that leaving you as vulnerable as you would be without them. Another scary thing to think about is that this bugged OS release has been in use since September of 2012.
Wondering if you should be worried? Look at it this way. Developers (who truly understand the moving parts of the bug) weren’t even willing to discuss it as they were worried it would give hackers needed information to take full advantage of the “bug”.