My next class:
LINUX Incident Response and Threat HuntingOnline | Japan Standard TimeOct 21st - Oct 26th 2024

Apple updates iOS and Apple TV

Published: 2014-02-21. Last Updated: 2014-02-21 22:05:13 UTC
by Jim Clausing (Version: 1)
3 comment(s)

Apple sent out 3 bulletins and OS updates today (iOS 6.1.3, iOS 7.0.6, and Apple TV 6.0.2) all fixing a bug that would potentially allow SSL/TLS connections to be vulnerable to undetected man-in-the-middle attacks.  All three updates share the same CVE number CVE-2014-1266.  The Apple Security updates page does not yet appear to have the updates listed there, but they should be there shortly (may be there by the time you read this).  If you have an Apple device running iOS 6 or 7 or Apple TV, you should probably apply these updates ASAP.

Ref: Apple Security Update page - http://support.apple.com/kb/HT1222

---------------
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

Keywords: apple tv iOS
3 comment(s)
My next class:
LINUX Incident Response and Threat HuntingOnline | Japan Standard TimeOct 21st - Oct 26th 2024

Comments

There is -nothing- at the site you reference with today's date:
- http://support.apple.com/kb/HT1222
... last entry is dated 11 Feb 2014.

And another thing: is it "official" that they've quit posting on (what was supposed to be) their "monthly" mailing lists?
> http://lists.apple.com/archives/security-announce/2013/Nov/index.html
APPLE-SA-2013-11-14-1 iOS 7.0.4
- http://lists.apple.com/archives/security-announce/2013/Dec/index.html
... the page you’re looking for can’t be found.
- http://lists.apple.com/archives/security-announce/2014/Jan/index.html
... the page you’re looking for can’t be found.
- http://lists.apple.com/archives/security-announce/2014/Feb/index.html
... the page you’re looking for can’t be found.
.
When I refreshed the HT1222 page an hour ago, the new ones showed up. I don't know about the archives for the security-announce list, but I'm subscribed to the actual list and that's where I first saw the bulletins, so the list is still active.
Thank you! - Here's what I found now:
___
iOS 7.0.6
- http://support.apple.com/kb/HT6147
Feb 21, 2014 - "... Data Security: Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later...
CVE-2014-1266..."
.
iOS 6.1.6
- http://support.apple.com/kb/HT6146
Feb 21, 2014 - "... Data Security: Available for: iPhone 3GS, iPod touch (4th generation)...
CVE-2014-1266..."
.
Apple TV 6.0.2
- http://support.apple.com/kb/HT6148
Feb 21, 2014 - "... Apple TV: Available for: Apple TV 2nd generation and later...
CVE-2014-1266..."
.
Apple Releases Security Updates for iOS devices and Apple TV
- https://www.us-cert.gov/ncas/current-activity/2014/02/21/Apple-Releases-Security-Updates-iOS-devices-and-Apple-TV
Feb 21, 2014
- http://support.apple.com/kb/HT1222
.

Diary Archives