New update for iOS 7, the operating system of iPhone and iPad, revealed the unprecedented scale of exposed passwords of hundreds of millions of users on wireless networks for more than year and a half!
Users of Apple’s devices are used to a relatively high pace of updates, hence sometimes they wait a long time before they actually install these updates. But the update that came out last week to all devices running the iOS versions 6 and 7 is absolutely recommended to be installed as soon as possible and not to be delayed for any reason.
iOS 7.0.6 update, released last Friday, did not seem like a big update – only 35MB. But it has a patch to one of the most serious security problems discovered in Apple’s OS. The bug allows hackers who know how to use it to take over the secure communication between Apple mobile device and network services, and to capture all traffic, including usernames and passwords, and even inject malware in order to have constant access to the attacked device.
This is a bug that most hackers already know how to exploit. All they need is to be on the same wireless network with someone they want to attack and start the attack immediately after the secure connection with one of Apple’s apps starts.
There are also several quotes from known iPhone hackers, such as ‘MuscleNerd’ who wrote on his Twitter: “bad guys do not even need specific knowledge in iOS in order to take advantage of this bug that Apple corrected just now. A lot more hackers can take advantage of it”. Another hacker called ‘pod2g’ added: “People who use public networks? Please do not use Apple devices if the iOS version is not updated to 7.0.6. Preceding versions security is so bad now that I advise everyone to update quickly”.
It is believed that Apple knew about the bug since the dawn of existence. Between the release of iOS version 6 for iPhone, iPad, iPod touch and Apple TV and the introduction of Apple into the American spy program ‘PRISM’, as revealed by the documents leaked by Edward Snowden. These facts do not prove anything and they are entirely circumstantial, however the shoe fits…
Please note that the loophole was present not only Apple’s mobile devices, but also on Mac computers. The update to OS X that came out yesterday in fact fixes the bug.