Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Apple updates iOS and Apple TV - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple updates iOS and Apple TV

Apple sent out 3 bulletins and OS updates today (iOS 6.1.3, iOS 7.0.6, and Apple TV 6.0.2) all fixing a bug that would potentially allow SSL/TLS connections to be vulnerable to undetected man-in-the-middle attacks.  All three updates share the same CVE number CVE-2014-1266.  The Apple Security updates page does not yet appear to have the updates listed there, but they should be there shortly (may be there by the time you read this).  If you have an Apple device running iOS 6 or 7 or Apple TV, you should probably apply these updates ASAP.

Ref: Apple Security Update page - http://support.apple.com/kb/HT1222

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Malware Reverse-Engineering Challenge - SANS San Francisco Fall 2018

Jim

402 Posts
ISC Handler
There is -nothing- at the site you reference with today's date:
- http://support.apple.com/kb/HT1222
... last entry is dated 11 Feb 2014.

And another thing: is it "official" that they've quit posting on (what was supposed to be) their "monthly" mailing lists?
> http://lists.apple.com/archives/security-announce/2013/Nov/index.html
APPLE-SA-2013-11-14-1 iOS 7.0.4
- http://lists.apple.com/archives/security-announce/2013/Dec/index.html
... the page you’re looking for can’t be found.
- http://lists.apple.com/archives/security-announce/2014/Jan/index.html
... the page you’re looking for can’t be found.
- http://lists.apple.com/archives/security-announce/2014/Feb/index.html
... the page you’re looking for can’t be found.
.
PC.Tech

34 Posts
When I refreshed the HT1222 page an hour ago, the new ones showed up. I don't know about the archives for the security-announce list, but I'm subscribed to the actual list and that's where I first saw the bulletins, so the list is still active.
Jim

402 Posts
ISC Handler
Thank you! - Here's what I found now:
___
iOS 7.0.6
- http://support.apple.com/kb/HT6147
Feb 21, 2014 - "... Data Security: Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later...
CVE-2014-1266..."
.
iOS 6.1.6
- http://support.apple.com/kb/HT6146
Feb 21, 2014 - "... Data Security: Available for: iPhone 3GS, iPod touch (4th generation)...
CVE-2014-1266..."
.
Apple TV 6.0.2
- http://support.apple.com/kb/HT6148
Feb 21, 2014 - "... Apple TV: Available for: Apple TV 2nd generation and later...
CVE-2014-1266..."
.
Apple Releases Security Updates for iOS devices and Apple TV
- https://www.us-cert.gov/ncas/current-activity/2014/02/21/Apple-Releases-Security-Updates-iOS-devices-and-Apple-TV
Feb 21, 2014
- http://support.apple.com/kb/HT1222
.
PC.Tech

34 Posts

Sign Up for Free or Log In to start participating in the conversation!