iOS 7.0.6 and 6.1.6 are Very Important Updates

By AbleTec, 23 February, 2014

Forum
iOS and iPadOS
There's a new update for IOS 7 (7.0.6) The post describing this update & why it's so critical can be found at: http://www.welivesecurity.com/2014/02/22/urgent-iphone-and-ipad-security-update-mac-os-x-pending/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29 I'm going to briefly summarize the post by quoting relevant portions below. "until you upgrade, your i-device has “a critical vulnerability that could allow hackers to intercept what should have been secure communications between your iPhone and SSL-protected websites.” SSL is what online banks and stores use to protect your electronic interaction with them. It is signified by the little padlock icon that shows up in the browser address bar, next to “https://address” and so on. As Graham notes, the problem Apple is fixing with this update potentially means that “online attackers could grab your userid or passwords as you attempted to log into popular websites.” Since SSL is also used to verify software updates, sometimes called patches, those present another possible avenue of attack for the bad guys looking to take over these devices. What does that mean? You should do your iOS 7.0.6 update over a trusted network, not the open Wi-Fi at your local coffee shop (unless you know the owner is also security geek or you’re a security pro yourself and installed the system for her). At this point my main concern is that the bad guys have reverse engineered the fix and now know how to target the vulnerability on unpatched systems. A serious secondary concern is that not everyone with an i-device is seeing a message from Apple urging them to upgrade. In the past, I know the Settings icon on my iPhone has sported a numeric badge telling me that I need to upgrade, but I have not yet seen one for iOS 7.0.6. (and a non-scientific survey of friends tells me I am not alone). Another potential obstacle to rapid and universal plugging of this attack vector is that “a fix for SSL connection verification” does not read like an appealing reason to upgrade, particularly for the millions of users who have no idea what SSL is, despite using it every day. So let me just repeat that this is an important update. Encouraging friends and family who have iOS devices to go ahead with the update is the right thing to do. As for Apple Mac laptops and desktops, the situation is that they too have this SSL vulnerability and the update is not yet released. If you, like me, are using a Mac, you need to stay alert for the release of the fix and install it right away, over a known good network. One precaution you can take is to use Firefox or Chrome as your browser as these will abort vulnerable connections. You can check this using a web page at gotofail.com. • On unpatched mobile and laptop devices, set “Ask to Join Networks” setting to OFF, which will prevent them from showing prompts to connect to untrusted networks."" HTH, all.

Options

Comments

By Josh C. on Tuesday, February 25, 2014 - 02:39

I haven't received an alert about this update on my iPhone, but my brand new iPod Touch 64 GB gave me an alert yesterday shortly after I logged on to my wi-fi. The badge app icon on my iPod shows 1 update available, but it doesn't show anything on my iPhone 5C. My dad never received an alert on his 4S either. I have a very important question before updating. I've never updated before, so how high is the risk of losing my apps and other data? I haven't set up iCloud yet, but I've backed up all my apps to my computer via iTunes. I'm not worried about my iPod right now since I haven't had time to put anything on it yet, but I do have a couple of apps, a fiew music files, and a bunch of custom ringtones on my iPhone.

By Michael Hansen on Tuesday, February 25, 2014 - 02:39

Member of the AppleVis Editorial Team
Hi Josh, You can go into Settings> General> Software Update to check for a new update, even if your phone doesn't alert you that it is available. As far as how "safe" it is to update...the risk of losing all of your apps is minimal, especially if you use Over-the-Air update. But, before you update, you should back up your device from your computer (or iCloud once you get that set-up, whichever you prefer) just in case something goes terribly wrong.

By Justin on Tuesday, February 25, 2014 - 02:39

I agree with Michael. It's never a bada idea to backup your device before you upgrade, just incase something bad happens. And, you shouldn't loose your ringtones.
Thanks, Michael. I did check under settings on my phone and it did say that the update was available after I went into software update. I use a reminders app called Alarmed. If I back it up to my computer using iTunes, will it also back up Alarmed's data base so that I won't lose my reminders if something were to go wrong? Also, forgive me for the silly question, but what is an over the air update? Can I do it via wi-fi?

By Justin on Tuesday, February 25, 2014 - 02:39

Hey there, Your reminders should back up. Also, an over the air update is one that uses your phone's wifi connection to download and install the update without having to connect to iTunes and install the update using the connection on your computer. Hth.
Thanks, Justin. I went on ahead and updated my iPod with no problems, except that it went completely silent for a fiew minutes while it was installing the update. Not being able to see the screen, the silence had me scared, because I thought that the update had failed, until I heard VoiceOver come back on. I wish that Apple would fix it so that VoiceOver stays on during an update like Jaws for Windows does, so I can hear the progress of the update. I'm reluctant now to update my phone without sighted assistance just in case something goes wrong, because it's the only phone I have.

By Justin on Tuesday, February 25, 2014 - 02:39

The only way that I know of for updating your phone with speech is to use iTunes with your phone hookedu p to the computer. But if you do over the air updates, you will loose speech while the phone is restarting and installing the update. This is normal, and also tha apple logo appears for the majority of the installation. HTH.

By Michael Hansen on Tuesday, February 25, 2014 - 02:39

Member of the AppleVis Editorial Team
Hi Josh, While a bit disconcerting at first, losing speech during installation of an Over-the-Air update is completely normal. You would also lose speech during an Apple iOS update using iTunes, and the process usually takes a lot longer because you have to download the whole 1Gb+ iPSW file--instead of just the updated firmware on Over-the-Air update. For what it's worth, if you're concerned about losing apps, I would do Over-the-Air update instead of using iTunes if you can. That way, there is no way you could accidentally press the "restore" button instead of the "update" button when doing the update.

By Cherokee Eagle on Tuesday, February 25, 2014 - 02:39

One thing I haven't heard mentioned here is the use of incripted back-up. If you plug in to iTunes on your computer, you can check the box that says to incript the back-up. It will ask you to choose a password, so make sure it's one you can remember. This will not only back up apps, music, etc, but it will back up account data such as books you've downloaded in Bard, as well as keep login info for apps. If something goes wrong, you can restore from this incripted back-up, and not have lost things. I did this when upgrading my phone a few months ago, and so had less to set up. Hope this was useful. Cherokee

By Toonhead on Tuesday, February 25, 2014 - 02:39

Hi. As I posted yesterday, another thing to be really careful of while updating via iTunes is to plug your phone into the pc using a standard USB port, and not a USB hub. A friend of mine did this, not thinking there would be any difference, but the results were not good, to say the very least. It froze her phone during the update, and we had to call an Apple representative on the phone to figure out what to do. We plugged the phone into the regular USB port and luckily, the phone went into recovery mode and it restored the phone to factory defaults, just as if it'd been turned on for the very first time. I usually do over-the-air updates, so backing up to iTunes and then doing an over-the-air update is the safest bet for me. Yes, you'll lose speech during the update process, but if you know this will happen you can put the phone down and go grab a snack or something while the update process happens. Your phone should vibrate right before VoiceOver comes on, and the iPod makes a little chirping sound so if you hear those things, you'll know VoiceOver is about to speak.

By Daniel on Tuesday, February 25, 2014 - 02:39

Hi all, and to Josh. This time around I actually used the OTA method. However, normally I use iTunes. This is because: 1. It backs up my device before I perform the update. I should point out here I even back it up to iTunes before I did the OTA method. I did OTA this time round purely because I wanted to experience how the process worked and like others have said one's device goes quiet during the re-start process but after this the phone vibrated Voiceover announced its presence and all was well. The update was successful via OTA 2. If your like me though, normally I update via iTunes when an update comes out. Now this certainly takes longer and you have to wire your device up to your computer in my case I was using a Mac running latest version of Mavericks and iTunes too which is another point. If one is updating by iTunes all the time is is always best to have the latest up to date version of iTunes before doing the update. Anyway to Josh, my most important reason why I update with this method apart from that it firstly backs up the data from the device to the computer is that once you've started the update process, if your using a Mac I can't remember how it works in Windows so perhaps someone could describe it for you here. I can keep an eye as it were on the LCD section of iTunes the part where if you are playing anything iTunes it tells you the name, artist etc. I can keep an eye on that while the phone updates and I don't get fearful when I lose speech. So the method of updating via iTunes might be more reassuring for you. I know that it is for me. Sorry for the long winded post but I hope it proves helpful for someone trying to decide on there updating method for there I devices.

By Josh C. on Tuesday, February 25, 2014 - 02:39

In reply to by Daniel

I just updated my phone using the OTA method and I had no problems. Of corse I backed up to iTunes first. I'll probably never use iTunes to update since I've read too many bad things about it. One thing I discovered under Settings\General\Software Update on my phone was that the update didn't download automaticly like it did on my iPod, and that's probably why I never received an alert on my phone. I have updates turned off under iTunes and App Store to keep accessibility on my apps, but I didn't think that this would effect iOS updates. About backups, do I need to encrypt my backups to keep app data such as reminders in Alarmed, etc? How do I encrypt my backups in iTunes for Windows?

By Daniel on Tuesday, February 25, 2014 - 02:39

Hi all, simple question. For those who have bad experiences updating with iTunes why is it bad to update using this method? Fortunatly, I have never plugged my iPhone's USB into a USB hub first and so didn't have the terrible experience mentioned here but fore sure thank you for the poster who shared it. Just wondered Josh, what have you red that makes you say that you have heard bad experiences with updating with iTunes because for me, there hasn't been anything so far using this method.

By MarkSarch on Tuesday, February 25, 2014 - 02:39

Hi guys the answer about What's bad about updating with iTunes? it's absolutely nothing. the previous comments above happens because the person plug the USB Cord on the wrong way. but this is nothing to do using iTunes. using the iOS update over the air is faster and doesn't require any PC or Mac computer. just the iOS device need to be connected to the WiFi and the iOS need to be chargin and ready settings// general// software update but for the other part What's the benefits to use iTunes to update the iOS software? well the answer is many more benefits as Michael say the process take a longer time because the download is about 1.3 Gb regarding to Toonhead the issue was because your friend plug the device in the wrong port but is nothing to do with iTunes, but it's good tip to share to all who are beggining on the iOS devices. Josh, using iTunes to software update is the easier way and self way to do the update I don't know the reason why they have issues using iTunes may of the reason is because don't know to use iTunes well for many people when talk about iTunes since like afraid of use it. iTunes is very accessible to manage not matter what kind of screen reading use. However there exist a risk, minimal risk, less comparing when do the software updae over the air. Daniel: according to apple there less possible bugs confirmed on the iOS devices when you do the software update using iTunes. even doing the iOS update via iTunes many bugs could be fixed.

By KE7ZUM on Tuesday, February 25, 2014 - 02:39

About 99 percent of the time, the operator of the device is at fault when they say stuff happens and should not during an iTunes update. Frankly they should by now learn to back up their phone before the update, then just follow the prompts. In the 4 years I've owned an iPhone I have never ever lost any apps, music, ring tones etc and my back ups were both incripted and unencrypted.

I love OTa but I always download the ipsw file just in case I have to restore off line, for example if I'm at school or what ever.

I do agree though, you should update when you see an announcement on twitter/facebook or in the iPhone's settings. You never know

Tc all and be blessed.

By Adam on Tuesday, February 25, 2014 - 02:39

To All, Has anyone encountered any issues with Voice Over after updating to 7.06? If so, what have you run into and would you still recommend updating? Thanks. Look forward to any responses. Regards, Adam

By Michael Hansen on Tuesday, February 25, 2014 - 02:39

Member of the AppleVis Editorial Team
Adam, I don't think I have ever said this before, but I would *absolutely* update to iOS 7.0.6 because of the security fixes--and because of what hackers can do to unprotected devices. As far as VoiceOver...we haven't seen any evidence to suggest that there have been any changes in iOS 7.0.6.
I haven't had any new VoiceOver issues since I updated. I haven't had a chance to see if any of the VoiceOver bugs from iOS 7.0.4 have been fixed yet, but I should be able to get around to that soon. I'll post something if I find that they've been fixed.

By KE7ZUM on Tuesday, February 25, 2014 - 02:39

In reply to by Michael Hansen

I see one problem and I'm not sure how long it's been around, but my phone will appear to freeze and vo will cease to function. I have to reset the spring board or do a reboot, either or, and sometimes reenable voice over with triple click home. I'm hoping ios7.1 when it comes out will fix this.

By Justin on Tuesday, February 25, 2014 - 02:39

Hello. I, too, am having the freezing issue. Sometimes when I pair a bt keyboard, the device completely freezes, and so I have to do a reboot. I hope this is fixed with 7.1. Otherwise, no new Voiceover changes. Please update your devices. Also, as stated in the applevis blog, if you run Mavericks, and are running 10.9.1, please, please update since there is the same SSL issue on mac as well. It seems like with Mavericks, voiceover is more smooth when it comes to Finder navigation. TC.

By MarkSarch on Tuesday, February 25, 2014 - 02:39

Hi Marrie interesting? remember the thread couple days ago about iOS crashes with apple own apps. http://www.applevis.com/forum/ios-ios-app-discussion/ios-crashes-apple-own-apps This issue was using iOS7.0.4 after doing the update to iOS7.0.6 since to be working better for me, I have seen less crashes but still presented on the current iOS. if I remember well those kind of freeze or crashes on the iOS devices I seeing since iOS7.01 I know is frustrating because voiceOver stay quiet_mute and sometimes doesn't back until reboot the device or enable voiceOver using the short cat triple click home, the only way that I ritch come back voiceOver was doing launch Siri and ask to turn voiceOver On follow for the triple click home. I have iPhone 5S and probably this voiceOver problem happens to me running iOS 7.04

By Josh C. on Tuesday, February 25, 2014 - 02:39

In reply to by Justin

My iPhone 5C and iPod touch haven't frozen or crashed, nor has VoiceOver frozen or crashed on either of them since the update. I just used my Bluetooth keyboard with my iPhone, and it works as normal. These issues could be specific to the iPhone 5S. Since the update, an issue I was having with iOS 7.0.4 and VoiceOver sometimes not reading alerts for things such as incorrect passwords, clearing all recents, etc, when I had Do Not Disturb enabled, appears to have been fixed.

By KE7ZUM on Tuesday, February 25, 2014 - 02:39

I have the problem with my 5 and saw it today with the update. I'm seeing it more in fact which is scaring me. I just did a system wide restore so we'll see if that helped So far it looks like it has. I'll keep playing with it and see.

By Jessica Brown on Tuesday, February 25, 2014 - 02:39

Just to let you know that if you are jailbroaken and you do not want to have to worry about updating and losing your apps, settings and media or you do not want to update for any other reason, you can just install something from Cydia called ssl patch. It is free and works for iOS 6.x and 7.x. That's what I did.

By Jasmine on Tuesday, February 25, 2014 - 02:39

Hey. Just wanted to let you all know. I'm running IOS6, iPhone 3gs and had to update through iTunes. When I tried though the phone it came up with an error. Hope this is useful information.

By MarkSarch on Tuesday, February 25, 2014 - 02:39

Hi Jasmine What kind of error are you facing and when it happens.

By KE7ZUM on Tuesday, February 25, 2014 - 02:39

I just updated OTA try that and it might or might not work better.

Be more specific when giving error messages. We cannot read your mind. This will help us troubleshoot the problem, and make our lives as tech support easier.

Take care.

By Michael Hansen on Tuesday, February 25, 2014 - 02:39

Member of the AppleVis Editorial Team
I think the user was just trying to provide information on how to work around Over-the-Air update errors vs. asking for advice on how to fix the error(s).