Apple Released an Important Security Update for iPhone & iPad Users January 2016

Who Needs to Install Apple’s Newest ios 9.2.1 Update?

If all 3 of the below criteria are true:

  • You Use an iPhone or iPad
  • You Use Public WiFi’s
  • You’re Using ios 9

YOU SHOULD UPDATE TO 9.2.1!!!

Why?

ios 9 introduced an extremely serious security risk that Apple has just made public this week with their announcement of the security fixes included in the 9.2.1 update.  The risk crops up when users are using public WiFi’s such as those found at places like StarBucks, hotels and airports.  If someone is using an iPhone or iPad that’s been updated to ios 9 (that’s the new operating system that was released in September 2015 when the new iPhone 6s came out) on a public WiFi, the people around them, if so inclined, would be able to access and copy their private usernames, passwords, and any other personal information that their device has stored in cookies.

Apple hasn’t said whether or not the cookies at risk are only those used during an active session at that time, or if all cookies on that device are at risk.  But it’s probably safest to assume the worst and ensure that this can’t happen by installing the newest update.  If you want to read more about the risks you can read this article by hacker.com.

Good article by Hackernews.com explains the ios 9 cookie bug

To Learn the Exact Steps for Updating to ios 9.2.1

Rather than rewrite everything I wrote a few days ago again, please refer to my post about deleting apps that are stuck installing.  Scroll to the photo of the ios 9.2.1 screenshot where I provide both the steps as well as my advice about the best practices to ensure that updates install correctly.

What are Cookies & Am I Really Using Any?

Anytime you use your iPhone or iPad to visit a website, especially those that have logins…including sites like Facebook, Twitter, Instagram and SnapChat...you’re using cookies.  Cookies are created the first time you visit a site and updated during each visit…via the Safari web browser.  Other sites you may use that could include very personal data about you are banks, online retailers, medical clinics and hospital portals.  Basically,  any service providers you may use such as your internet service provider, your real estate broker, your lawyer or accountant…and even your High School classmates group if there’s an online place where you can exchange information.

Cookies are stored by all web browsers…not just Safari.  They are used to help your device access those websites quickly and they also allow the site to personalize your session.  But many people are unaware that websites store that cookie data on your device.  Even if people know that much they may not know how to manage them on their Apple devices.  For iPhones and iPads most cookies will be stored in settings for the built-in Safari web browser…but if you have other web browser apps, like Chrome, cookies will be stored for those sites again within the Chrome app’s settings too…and once again on your device.  If you use many different browsers, like I do sometimes, just the storage space alone can build up to be significant.  (FYI, another favorite browser app I use infrequently but LOVE when I need it is Photon…it’s a browser that lets me run flash based websites on my iPad or iPhone.)

You can find out which version of ios you’re on currently by going to Settings – General – Software Update”

Most websites store cookies responsibly…but some don’t.  The ones that don’t are called malicious or tracking cookies.  They store tracking code on your device that allow a history of your personal tastes and preferences to be compiled and then this information is sold to advertisers.  Wikipedia has a lot of great, easy to understand information about cookies.

If you’re on ios 9 and you want to see all the cookies that Safari is storing on your phone or iPad go to Settings – Safari then scroll to the bottom of the page and tap on Advanced – Website Data and wait for a short list to populate.  Below is a screenshot of the cookies on my iPad mini.  Notice at the top right that all the cookies on this iPad are using up 4.4 mb’s of storage.  If you tap on Show All Sites, a much longer list will be displayed.

Screenshot showing where cookies are stored on ios

You can and should periodically take a look at these and delete any cookies that you don’t recognize.  It pays to be liberal in choosing which cookies to delete.  You can’t really do much harm here because of you accidentally delete a cookie for a site that turns out to be fine by your standards, the cookie will be created and stored again as soon as you visit that site again.  The worst that can happen is that your login credentials will be removed but if you’re using Apple’s Keychain to store all your passwords they will remain in the keychain and Apple will ask you upon revisiting the site if you want those credentials to be entered automatically for you.

2 Ways to Delete Cookies

Manual Method

You can scroll through this list and just delete the cookies that you don’t recognize.  Any cookie that has the word ‘ad’ in it isn’t probably something you want.  Also ones that refer to ‘double click’ are also ad based tracking cookies you should get rid of.  Note that in my screenshot below right after I took this I deleted the 2 cookies named adsrvr.org and ispsurveys.website.  To do this tap on the word Edit at the top right to display a column of minus signs and then every time you encounter a cookie you don’t recognize just tap on the red minus sign next to its name and then on the word Delete when it appears.  See the screenshots below:

1st of 2 screenshots showing how to delete a cookie2nd of 2 screenshots showing how to delete a cookie

Automatically Delete All Cookies

If you want to wipe out all the cookies from here tap on the word Advanced at the top middle portion of your screen, then tap on Safari and then on the blue words ‘Clear History and Website Data.’   See the screenshot below:

Screenshot showing where to delete all cookies on ios 9

You might want to change more of the settings pertaining to how Safari manages your personal data while you’re at this screen in settings too.  You can see some of how I manage mine from the above screenshot.  You’ll note that I don’t block tracking cookies by turning on the Do Not Track button because I do actively manage my cookies…although probably not as frequently as I should!

What About Visiting Those Same Sites Using an App…Not Safari?  Are Cookies a Threat Then?

Frankly, I don’t know.  I’ve researched this a little (OK…not that much) and haven’t found a conclusive answer…especially as it pertains to this recently discovered security hole.  But what I can tell you is this.  Every time you are using a public WiFi your device is exchanging personal data, like your login credentials, with any site or service that you may happen to use…whether it’s doing this from Safari or from within an app is irrelevant…the data exchange occurs regardless.  So in essence,  using public WiFi’s is inherently more risky than using private ones like those at home or work…that’s assuming your work environment offers a secured network meaning one that you need to enter a password to join.

How to Stay on Top of Online Security News

Hacking has become public enemy #1.  There have never been as many threats as those we face today online.  This shouldn’t scare you, but it should help you recognize that learning enough about how to manage and keep your information secure is important.  

It’s a constantly changing playing field but there are tons of great resources at your disposal for staying abreast of the changes…my website is one of them.  You can subscribe to follow me and receive an email when I write something new.  Other sources that I use for this information are Dashlane, my password manager, which automatically alerts me when sites I use are breached, and Twitter.  I follow quite a few security sites offering the latest news on threats.  A few of those are:

Twitter accounts focusing on security:

  1. @HNTweets
  2. @briankrebs
  3. @schneierblog
  4. @taosecurity
  5. @Malwarebytes
  6. @ZDNet
  7. @StopMalvertisin
  8. @LightPointSec

Advertisements

About vsajewel

Hi...I'm the author of 2 main blogs on WordPress.com. vsatips...which is about tech tips for mobile devices like cellphones & tablets. vsatrends, my 2nd blog, is focused more on lifestyle trends...especially those with a strong design element. I also host a YouThe channel which includes aspects of both websites.
This entry was posted in Apple, ios 9, Security and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s