Apple improves security in iOS 7.1.2, iCloud.com

While all eyes are on this Fall when Apple will release iOS 8, Apple hasn’t completely forgotten about iOS 7.  Apple released iOS 7.1 this past March, released iOS 7.1.1 this past April, and yesterday releases iOS 7.1.2.  The update fixes a few bugs, but perhaps more importantly, patches a security flaw that was discovered soon after iOS 7.1.1 was released.  Apparently with iOS 7.1.1 installed, while emails on an iPhone (and iPad) were protected with encryption, attachments to emails were not encrypted.  It was difficult for any hacker to exploit the bug because — unless you were using a jailbroken iPhone 4 — the hacker would have to have physical access to your iPhone and would have to figure out your passcode or otherwise find a way to jailbreak the iPhone, as noted by AppleInsider in early May.  My sincere hope is that all attorneys using iPhones have a passcode and are not using a jailbroken device.  But even though this hack was difficult to execute in practice, and I haven’t seen any published reports of it being exploited, it was still a security flaw that should have been fixed.  I’m glad that Apple fixed it in iOS 7 rather than wait until iOS 8 to get it fixed.

While that was the most prominent security flaw addressed in iOS 7.1.2, Bryan Chaffin of The Mac Observer reports that, according to Apple’s security release notes, 35 security bugs were fixed, such as a security flaw by which a hacker could use Siri to access contacts on an iPhone without a password.

iOS 7.1.2 addresses a few other minor bugs too, such as improving support for iBeacon, a service rarely used today but which may be used more in the future that uses low-power Bluetooth 4.0 to provide your iPhone with alerts and other information based on its location.  But the real reason to update is to fix the security issues just in case a bad guy ever gets access to your iPhone, which hopefully will never happen.  As Justice Roberts reminded us last week in Riley v. California, an iPhone can contain a lot of private information.

I suspect that all iPhone J.D. readers have installed a software update on their iPhone (and iPad) by now because it is easy to do.  You can wait for your iPhone to alert you that an update is available, or you can update now by opening up the Settings app, selecting General, and then selecting Software Update.  Then simply follow the instructions to download the update and install it.  It takes several minutes to install the update, then your iPhone will reset, and then you are done.

Please be aware that before performing any update on an iPhone or iPad, I strongly recommend that you backup your device.  The easy way to do it is to connect to a computer running iTunes, but I know that many people instead backup to iCloud.  Either way, you want to make sure that you have a way to restore the data to your device if something goes wrong during the update.

For iOS 7.1.2, this advice is especially warranted.  While the update has apparently gone smoothly for most people, be warned that I’ve seen some reports of people having trouble with the update, and I can confirm the problem.  While the update worked fine on my iPhone 5s and my iPad Air, when I tried to install the update on my (first generation) iPad mini, my device froze in the middle of the update and I had to do a hard reset on the device (hold down the power button at the top and the home button for about 10 seconds).  Depending upon when the problem occurred, you may not have to do anything more, but with my iPad mini I was forced to connect to a computer running iTunes and do a factory restart.  It was then easy enough to restore all of the data from a backup, but again, you have to have that backup in the first place.  So make sure that you have a backup before you install iOS 7.1.2, and you might even consider waiting a few days to see if Apple does something to address this rare problem with applying the update to some devices.

iOS 7.1.2 was not Apple’s only security update yesterday.  Apple has also started to add two-factor authentication to iCloud.com, as reported by Chuong Nhuyen of iMore.  I recommend that everyone have two-factor authentication enabled on your Apple ID.  (Click here to learn how.)  That way, even if someone learns your password and tries to download apps, music, etc. — or more importantly, access your Pages, Numbers and Keynote documents — using your password on a device that is not yours, they will not be able to do so.  Once two-factor authentication is turned on for your account, activating a new device requires having access to your iPhone so that you can see the security code sent to it.  In other words, a hacker would need both your password and physical access to your iPhone to use your account on a device that you do not own.  This makes good sense.