Apple's iOS 7.1.1 Update Is Now Available: Why It's a Bigger Deal Than You Think
Incorporating features such as CarPlay, UI enhancements such as the new call screen, and several bug fixes, iOS 7.1 was the first major update to Apple's operating system since iOS 7 was released in June of last year.
Now Apple has released a seemingly small update in the form of iOS 7.1.1, which contains several bug fixes—including one for a major security bug.
Just a couple of months ago, Apple issued an iOS 7.0.6 update in order to fix a security issue that could potentially allow hackers to steal usernames/passwords, read through your emails, and collect other private information. Much like the Heartbleed bug that sent widespread panic across the internet, this iOS bug allowed hackers to capture any information being sent through SSL—which is meant to secure your information when it's sent from your device to any server. All they had to do was create a program that masked itself as "trusted" and collect information through a method known as man-in-the-middle attacks.
Now, Apple is once again dealing with another vulnerability and they've been pretty hush about disclosing information, instead masking this most recent update as mostly "bug fixes". In this bug, hackers have the ability to bypass HTTPS encryption protections and monitor sensitive traffic being sent and received by any vulnerable devices. Working as a man-in-the-middle attack as well, the bug abuses the "triple handshake", which is used to secure connections and authenticate users. With this "triple handshake" attack, hackers can create two connections which have the same encryption keys and handshake. They then insert their own information into one connection and rewire it so that the private information may be forwarded between the victim and themselves, back and forth.
It should be noted that although this bug doesn't seem as serious as previous security flaws, that's only because it affects a smaller amount of applications. Regardless, it's still a major flaw, especially because the applications susceptible are mostly government and business apps.
If you're still running iOS 7.1 on your Apple device, you should update to iOS 7.1.1 immediately, in order to patch this most current security vulnerability.
As for improvements, this latest version of iOS enhances the Touch ID fingerprint recognition system (only for the iPhone 5S), which many complained became inaccurate and slow over time. According to early Twitter posts, Touch ID recognition is now much faster than before.
In addition, the bug fixes include a previous problem with keyboard responsiveness—dealing with the Bluetooth keyboard whenever the VoiceOver feature was enabled.
Finally, the update also includes support for new top-level domains like .camera and .photo in Safari, which probably hasn't been a big issue for most of you just yet, but it's a good step in the right direction considering the amount of top-level domains being created lately.