Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
iPhone Newsforums, a part of the
iOS 7.0.6 was released a couple of days ago with a fix for a really nasty SSL connection verification bug that could leave you susceptible to man-in-the-middle attacks on wireless...
02-23-2014, 10:54 AM #1
Why You Should Update to iOS 7.0.6 if You Haven't Already
iOS 7.0.6 was released a couple of days ago with a fix for a really nasty SSL connection verification bug that could leave you susceptible to man-in-the-middle attacks on wireless networks from people with malicious intent snooping on your Web activity.
Since SSL connection verification is commonly used in secure Web communication for Web sites like PayPal and other banking or money-handling Web sites, having this bug would have left you wide open to an inexperienced "hacker" that wants to listen in on your Web activity and steal information, or worse, money.
The vulnerability affected many iOS devices on different firmware versions, and Mac OS X machines are also still plagued by the bug. While Apple released iOS 7.0.6 to fix the problem on iOS devices, they have not yet answered the Mac OS X community and are expected to in the near future.
Notably, iOS 7.0.6 can still be jailbroken by evasi0n7, so if you haven't updated to iOS 7.0.6 yet, we would highly recommend that you do go through with the update so that you protect yourself from the nasty SSL connection verification bug. iOS hacker pod2g announced on Twitter yesterday that the bug can affect your security in Mobile Safari, Mail, Facebook, Twitter, and Messages among several other different kinds of applications:
Pod2g also recommends updating to iOS 7.0.6 instead of installing some home-brew fix for the SSL connection verification bug, as this is ultimately the safest and most secure way to go about things.
Since OTA (over the air) updating is disabled on devices jailbroken with evasi0n7, if you're already jailbroken on an earlier version of iOS, then you should download the update through iTunes. You should perform an iTunes backup of your iOS device to save all of your user settings and personal data before going through with the update, and you can right-click on your device on the left sidebar of iTunes and click "transfer purchases" to make sure that all of your apps, music, and other content gets transferred to your library.
After you've backed up your iOS device and everything on it, you can then place your device into DFU mode and restore to the iOS 7.0.6 firmware you downloaded. Once the restore is finished, you can choose to restore your iOS device from a backup in iTunes, and you can select the backup you made prior to the restore.
After your device is running iOS 7.0.6 and your settings, applications, and media have all been restored and synced, you can launch the latest version of evasi0n7 (version 1.0.6), which was released just yesterday with support for iOS 7.0.6, and you can jailbreak your iOS device and re-download all of the jailbreak tweaks that you had installed prior to updating your iOS device. Because you made a backup, all of your jailbreak tweak settings should all still be there and you shouldn't have to reconfigure them (I didn't have to for mine).
For a guide on how to jailbreak your iOS 7.0.6 device, whether you're re-jailbreaking or jailbreaking your iOS 7.0.6 device for the first time, you can follow this link.
If you plan on going through with the update, you should do so soon. iOS 7.1 is reportedly launching in the middle of March and it patches the evasi0n7 jailbreak. You should get yourself to iOS 7.0.6 soon so that you're not forced to upgrade to iOS 7.1 when it comes out. Once it's out, Apple won't sign iOS 7.0.6 anymore.
Last edited by Anthony Bouchard; 02-23-2014 at 11:11 AM.
02-23-2014, 11:00 AM #2
So if I only use secured wifi and 3G, I'm safe?
02-23-2014, 11:02 AM #3
02-23-2014, 11:06 AM #4
I am still on 6.1 and will definitely NOT update, so is there a possibility to manually fix the bug on my phone in security.framework?
02-23-2014, 11:07 AM #5
02-23-2014, 11:19 AM #6
The only glitch I ran into was, iTunes wouldn't do the download+update in one step. I had to choose the Download-only option, then update. Of course I backed up first on iTunes. I also have the Cydia app PKGBackup installed, so I used that too to save all my Cydia apps and settings.
After that the evasi0n jailbreak was easy and I first restored PKGBackup, then recovered all previous Cydia apps. To my surprise I didn't even have to provide any passwords again and everything, including my prior jailbreak icon configuration, was restored. So it was as easy as could be but still took a couple of hours waiting for the iTunes download, synching, backup, restore, etc. but well worth it to patch this serious security hole. Damn good thing this was fixed now and not in 7.1.
02-23-2014, 11:33 AM #7
I'd love to update but I'm getting a 2005 error code since I'm jailbroken,I'd have to edit my host file or something like that,which Never worked for me
02-23-2014, 11:48 AM #8
I updated as soon as I got the time to. I hate starting over (unless it's for an x.0 beta), but with this, I totally did it. I advise everyone to get this update and then maybe a VPN like Cloak or something for public wifi.
02-23-2014, 12:12 PM #9
It takes a whole day to transfer everything back to my 64GB iPhone. I'm really not looking forward to this update. Likewise on my 64GB iPad, but I can live without that for a day.They can have my jailbreak when they pry it from my cold dead fingers.
02-23-2014, 12:19 PM #10
Is this really worth all the trouble of backing up data, restoring, updating, and re-jailbreaking? Can't i just use a VPN for SSL Connections?
02-23-2014, 12:30 PM #11
The Following User Says Thank You to Fafner For This Useful Post:
02-23-2014, 12:36 PM #12
02-23-2014, 01:10 PM #13
Ugh I really don't want to unjailbreak and rejailbreak but sounds like it would be wise to so guess I will start the process
02-23-2014, 01:22 PM #14
Last edited by buggsy2; 02-23-2014 at 01:25 PM.
02-23-2014, 01:43 PM #15
Went smoothly. Wonder what 7.1 is going to be like.....
02-23-2014, 01:44 PM #16
Thank you Anthony for this important information. I will update right away.
02-23-2014, 02:11 PM #17
PkgBackup is a savior
The Following User Says Thank You to bisayakid07 For This Useful Post:
02-23-2014, 02:48 PM #18
hackers can look at my iphone all they want. I never put personal or critical info in my phone anyway. I don't have the patience to do everything all over again specially with 7.1 looming.
02-23-2014, 06:45 PM #19
02-24-2014, 06:00 AM #20
Many apps/tweaks I had on 7.0.4 don't seem to work on 7.0.6 or I can't even find on my sources (MultiIconMover+).
Now did I miss something here or developers have to release a compatible version of their apps to work with 7.0.6?