iOS 7.1.1 Adds Touch ID Improvements And Fixes SSL Vulnerability
Apple adds usability improvements and security fixes in iOS 7.1.1, including an SSL flaw not related to Heartbleed
Apple has issued a new version of iOS to compatible iPhone and iPad devices, bringing a number of improvements and security fixes to the mobile operating system, including an SSL vulnerability not connected to the recently revealed Heartbleed bug.
Secure Transport has been fixed to prevent an attacker with a “privileged network position” from capturing data or changing the operations performed in sessions protected by SSL.
iOS 7.1.1 security
“In a ‘triple handshake’ attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker’s data in one connection, and renegotiate so that the connections may be forwarded to each other,” says Apple. “To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.”
Other security fixes are offered for vulnerabilities in the IOKit Kernel and CFNetwork HTTP Protocol, along with one for Webkit which prevents a malicious website from terminating an application due to memory corruption issues.
The other headline improvement to iOS 7.1.1 is the improved functionality to the Touch ID fingerprint sensor on the iPhone 5S, which was a major focus of the last iOS update amid claims that the sensor becomes less responsive after repeated use.
The new version also fixes a big that could impact keyboard responsiveness and another that affects the use of Bluetooth keyboards when VoiceOver functionality is enabled.
iOS 7.1.1 is available as an over-the-air (OTA) update for the iPhone 4, 4S, 5, 5C and 5S, iPad 2 or later and fifth-generation iPod Touch or later.
How much do you know about the iPhone? Take our quiz!