Apple iOS 7.x < 7.0.6 / 6.x < 6.1.6 Data Security Vulnerability

Medium

Synopsis

The remote host is running a version of iOS that is missing an update related to the security of data in transit.

Description

The remote host is an iPhone, iPod Touch, or iPad running a version of iOS that is older than version 7.0.6 or 6.1.6, which means that it is missing an update that restores missing validation steps when conducting a SSL/TLS session. This error could allow an attacker to spoof a server and modify or view sensitive information between it and the iOS device.

Solution

Users of iOS 6.x should upgrade to 6.1.6 or later. Users of iOS 7.x should upgrade to 7.0.6 or later.