Apple has finally moved its iOS security update mechanism to HTTPS with today’s release of iOS 10. Previously, updates were sent to devices over HTTP and attackers already present on a network could potentially intercept and manipulate updates.
“An issue existed in iOS updates, which did not properly secure user communications. This issue was addressed by using HTTPS for software updates,” Apple said in its advisory, adding that a man-in-the-middle attacker could block devices from receiving updates.
Leave a reply