Apple has updated iOS6 and iOS7 to fix an issue with browsing web sites protected by SSL.
Without this update, iPhone and iPad users who were visiting a ‘secure’ website were at risk of having their communication intercepted if they were using a public WiFi connection. The device wasn’t properly authenticating a site’s security certificate, which resulted in it being vulnerable to this type of ‘man in the middle’ attack.
Apple’s security update describes the cause as “Secure Transport failed to validate the authenticity of the connection” and the potential impact as “an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS”.
[More details: CrowdStrike.com; ImperialViolet.org]