
Severity of pre-7.0.6 security problem?

nightfly

So, I've seen lots of posts in the Twitterverse and FB about how the SSL problem before 7.0.6 is the worst thing ever, and pretty much guarantees you'll get hacked/become a victim of identity theft, etc., etc. However, the little I've seen posted here seems to indicate the 7.0.6 upgrade is really not that critical. Needless to say, I'm confused.

1) How much of a real-world threat is the pre-7.0.6 security flaw?

2) How far back in iOS does it extend? Does it affect iOS 6, or just earlier versions of 7?

3) If the former, and the problem is severe, does someone like me, who has clung to 6.1.3 on my 4s because I can't stand Jony Ive's uglification of what was a great device look-and-feel, have no choice but to bite the bullet and "upgrade" to an iOS that'll have me looking enviously at Android users, or else be at risk of getting hacked? Or is there some way to avoid being forced to adopt the post-Jobs "new look" without putting myself in peril? Thanks for any advice you can give me.
 
The press love to target Apple and this is a classic case of follow the leader. Reuters made the comment, then one after the other, other news groups picked it up. The funny thing is Apple provided a fix in a short time for all users, unlike others, you know who, who take forever to fix security issues. Case in point: it took me 4 hours to complete Windows security updates on a brand new Windows 8 laptop for a customer running on a relatively fast broadband network. 65 updates in all, most security fixes... yet this sort of stuff never makes headlines... One has to look at the big circle before jumping up and down... this quote below was posted by AppleInsider and sums up what I mean:

Slanted reporting in action: Reuters Edition


This week, Apple issued a free 7.0.6 update for iOS designed to squash an SSL verification flaw. The update comes less than a month after the 7.0.5 maintenance release targeting deployment issues related to the new launch in China.


How was the update reported? Reuters reporter Joseph Menn concocted the now familiar take of crafting a sensational headline scathingly touting the idea that Apple had admitted the presence of a flaw in its software.


After five paragraphs grousing about the potential dangers one could imagine (including the quote from a security researcher: "it's as bad as you could imagine, that's all I can say!"), the report finally got around to noting that the flaw had been fixed in the article's sixth paragraph, before returning to the imagined perils of not having the fix installed and how "embarrassing" the flaw was for Apple.


If you're keeping notes, every time Apple introduces a patch, it outlines the flaws fixed in the new release. And every time it does this, those flaws form the basis of most media accounts of what just happened. For Apple's releases, the update itself isn't news, but the flaws that were fixed are.

End quote......

All the wannabe editors of magazines love this stuff, as so many believe they will get users to read their stuff regardless of whether it is true or not. My answer is: just update your devices, relax and move forward..... You are far safer using any iOS or Mac OS device than any Windows and/or Android devices.
 
To put it in layman's terms:

1) Pretty dangerous in a current era where technology rules us all. This only really applies to public wifi hotspots and such, but can also affect networks at home. Essentially it affects anyone that connects to a wireless network that's not properly maintained by someone savvy in security.

2) It started with iOS 6. To correct the issue on iOS 6 legacy devices such as the iPhone 3GS and iPod Touch 4th Generation, Apple has released iOS 6.1.6 as these devices are not supported on iOS 7. For iOS 7 capable devices, 7.0.6 was released to resolve the issue.

3) For the 4S, the only way to get the SSL fix is to upgrade to iOS 7.0.6. Or, if you insist on staying on iOS 6.1.3, either do not connect to a wifi network where you cannot verify that it's being maintained and kept on top of security, and that it's not flawed (which is impossible unless you're hardwired to the network, which you can't do on an iPhone, iPad, iPod Touch), or jailbreak your device on iOS 6.1.3 and install a fix through Cydia that patches the issue without forcing you to upgrade to iOS 7. The risk of getting hacked depends on whether the person that has malicious intent is aware of whether or not your device is on iOS 6.1.6/7.0.6 or has the SSL patch if jailbroken.

Getting "hacked", in the relative sense of the term, cannot be done through SSL. The person with malicious intent can redirect your communication data to/from somewhere else. The only time where it poses a hack risk is if the person redirects your request to their own server, and they ask you to install something via a localhost, in which case you can possibly be installing spyware or malware through an Apple certified distribution license. Like emails and pop-ups, if you don't know what it is, exit out of it or ignore it. Don't open it, etc.

Getting hacked aside, the person may be able to phish for your data, which is why it's important to have the fix. Apple's emphasis is really on security of your device, and it places an even higher emphasis on the security of your data and information, hence the "10 incorrect passwords will blow up your phone" feature for your passcode lock in case you're an executive or someone of a high standing in a corporate/information-sensitive hierarchy. The SSL fix targets your data because when you're connected to, say, your banking website, the hacker can divert your communication requests and packets to their own server, which then leads them back to the real deal. When you put your data in, the hacker will be able to read the input. Then when the bank's servers send their data back to you, the hacker will have access to what you see and what the bank is sending to you. That's the real flaw that Apple is addressing.

Getting hacked on an iPhone/iPad/iPod Touch (frankly) is extremely trivial. Sure you can get "hacked", but the person won't be able to do anything because unless they have physical access to your device, it's impossible to fully "hack" your device. They can phish for some residual surface data such as your Safari or web browser history, or what apps you have, or what music you have, but nothing like your Passbook data, your bank logins, your AppleID etc because of the iOS sandboxing.

TL;DR: The SSL fix can be viewed differently and ranked differently in importance. Should you get the patch? Yes, it's always better to be safe than sorry. Must you get the patch? No, you're not forced to get it (unless you upgrade your iOS, that is), but just know that you are semi-vulnerable. If you do not do any banking or inputting of credit card or any sensitive life-information, then you have next to nothing to worry about by not having the SSL patch. Can the person cause your phone to blow up in your pocket if you don't get this patch? Not even close.
 