iOS 7.1.1 Adds Touch ID Improvements And Fixes SSL Vulnerability

Apple has issued a new version of iOS to compatible iPhone and iPad devices, bringing a number of improvements and security fixes to the mobile operating system, including an SSL vulnerability not connected to the recently revealed Heartbleed bug.

Secure Transport has been fixed to prevent an attacker with a “privileged network position” from capturing data or changing the operations performed in sessions protected by SSL.

iOS 7.1.1 security

“In a ‘triple handshake’ attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker’s data in one connection, and renegotiate so that the connections may be forwarded to each other,” says Apple. “To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.”

Other security fixes are offered for vulnerabilities in the IOKit Kernel and CFNetwork HTTP Protocol, along with one for Webkit which prevents a malicious website from terminating an application due to memory corruption issues.

The other headline improvement to iOS 7.1.1 is the improved functionality to the Touch ID fingerprint sensor on the iPhone 5S, which was a major focus of the last iOS update amid claims that the sensor becomes less responsive after repeated use.

The new version also fixes a big that could impact keyboard responsiveness and another that affects the use of Bluetooth keyboards when VoiceOver functionality is enabled.

iOS 7.1.1 is available as an over-the-air (OTA) update for the iPhone 4, 4S, 5, 5C and 5S, iPad 2 or later and fifth-generation iPod Touch or later.

How much do you know about the iPhone? Take our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago