APPLE-SA-2014-02-21-1 iOS 6.1.6

Type securityvulns
Reporter Securityvulns
Modified 2014-02-28T00:00:00



APPLE-SA-2014-02-21-1 iOS 6.1.6

iOS 6.1.6 is now available and addresses the following:

Data Security Available for: iPhone 3GS, iPod touch (4th generation) Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps. CVE-ID CVE-2014-1266

Installation note:

This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

  • Navigate to Settings
  • Select General
  • Select About. The version after applying this update will be "6.1.6".

Information will also be posted to the Apple Security Updates web site:

This message is signed with Apple's Product Security PGP key, and details are available at:

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools -

iQIcBAEBAgAGBQJTBpNtAAoJEPefwLHPlZEwqcUP/0YJ7TXUy+Tpl3d+A0auJDYC IbSALoQW0qipyJVLLTwlTIMwUC+FI/oiAZCy6ku/Y0qz9zx972GVa1W46H5szJiY HJsTKOCnUgV6IqPeH902oOSl4A7cvBspZ6uR3veUwRoKGN0prKRcaTgTYkLpDu48 U8Jy4x7AVHUUHf7gcBKdS4KFE9f0C5ykRAIbJwxwe1NOyD1YbLYYfDXxykGbD3c5 57VfU7aQDjv/X7iBHfDbSW3VAQEGqXFK+OhCCP4qC0ZL/7YgmjjvGCBjIoOsmoED 3MaOELBFmjZcnp8gQ0UocrEknqoDVhiOtQddBQgCFlF5fFh3OGJDVX0RczX1u2Nd cNXgoG9No/HXG+hNhce5c7SjvZeJ2O5TiHwmm8jBGCSpKpod1qjiwReANZJs6yoo 7h5E8FV4/dkSCmuPp1l/GoOFAPmt0gjCft5Fdv7K/kzvs54nqQ8ndF9Jn2Fe+D4U M5iRd26WWN77KX6x6PKSNLwwdz7VgDE5j8gEOzoTSPEY3ramkmkZQWgi5rq91W70 5KHD638D0/BgFtdy7W1ZcD3bms0jK13xxJOg2BZmhgL3Zh1btxSFK01voq2CYN8N KTt4cbq/6YMEeI3jr+TNDJA/5EKPCt3OCiexOze1XrqAnSdtrBeKNG4REjpxqG31 5HZpIZ+X2Pl9XIRpbryt =m1BF -----END PGP SIGNATURE-----