iOS 7.1.1 Adds Touch ID Improvements And Fixes SSL Vulnerability

Apple has issued a new version of iOS to compatible iPhone and iPad devices, bringing a number of improvements and security fixes to the mobile operating system, including an SSL vulnerability not connected to the recently revealed Heartbleed bug.

Secure Transport has been fixed to prevent an attacker with a “privileged network position” from capturing data or changing the operations performed in sessions protected by SSL.

iOS 7.1.1 security

“In a ‘triple handshake’ attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker’s data in one connection, and renegotiate so that the connections may be forwarded to each other,” says Apple. “To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.”

Other security fixes are offered for vulnerabilities in the IOKit Kernel and CFNetwork HTTP Protocol, along with one for Webkit which prevents a malicious website from terminating an application due to memory corruption issues.

The other headline improvement to iOS 7.1.1 is the improved functionality to the Touch ID fingerprint sensor on the iPhone 5S, which was a major focus of the last iOS update amid claims that the sensor becomes less responsive after repeated use.

The new version also fixes a big that could impact keyboard responsiveness and another that affects the use of Bluetooth keyboards when VoiceOver functionality is enabled.

iOS 7.1.1 is available as an over-the-air (OTA) update for the iPhone 4, 4S, 5, 5C and 5S, iPad 2 or later and fifth-generation iPod Touch or later.

How much do you know about the iPhone? Take our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

1 hour ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

4 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

4 hours ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

5 hours ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

22 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

23 hours ago