Apple Released an Important Security Update for iPhone & iPad Users January 2016

Posted on January 23, 2016 by vsajewel

Who Needs to Install Apple’s Newest ios 9.2.1 Update?

If all 3 of the below criteria are true:

  • You Use an iPhone or iPad
  • You Use Public WiFi’s
  • You’re Using ios 9

YOU SHOULD UPDATE TO 9.2.1!!!

Why?

ios 9 introduced an extremely serious security risk that Apple has just made public this week with their announcement of the security fixes included in the 9.2.1 update.  The risk crops up when users are using public WiFi’s such as those found at places like StarBucks, hotels and airports.  If someone is using an iPhone or iPad that’s been updated to ios 9 (that’s the new operating system that was released in September 2015 when the new iPhone 6s came out) on a public WiFi, the people around them, if so inclined, would be able to access and copy their private usernames, passwords, and any other personal information that their device has stored in cookies.

Apple hasn’t said whether or not the cookies at risk are only those used during an active session at that time, or if all cookies on that device are at risk.  But it’s probably safest to assume the worst and ensure that this can’t happen by installing the newest update.  If you want to read more about the risks you can read this article by hacker.com.

Good article by Hackernews.com explains the ios 9 cookie bug

To Learn the Exact Steps for Updating to ios 9.2.1

Rather than rewrite everything I wrote a few days ago again, please refer to my post about deleting apps that are stuck installing.  Scroll to the photo of the ios 9.2.1 screenshot where I provide both the steps as well as my advice about the best practices to ensure that updates install correctly.

What are Cookies & Am I Really Using Any?

Anytime you use your iPhone or iPad to visit a website, especially those that have logins…including sites like Facebook, Twitter, Instagram and SnapChat...you’re using cookies.  Cookies are created the first time you visit a site and updated during each visit…via the Safari web browser.  Other sites you may use that could include very personal data about you are banks, online retailers, medical clinics and hospital portals.  Basically,  any service providers you may use such as your internet service provider, your real estate broker, your lawyer or accountant…and even your High School classmates group if there’s an online place where you can exchange information.

Cookies are stored by all web browsers…not just Safari.  They are used to help your device access those websites quickly and they also allow the site to personalize your session.  But many people are unaware that websites store that cookie data on your device.  Even if people know that much they may not know how to manage them on their Apple devices.  For iPhones and iPads most cookies will be stored in settings for the built-in Safari web browser…but if you have other web browser apps, like Chrome, cookies will be stored for those sites again within the Chrome app’s settings too…and once again on your device.  If you use many different browsers, like I do sometimes, just the storage space alone can build up to be significant.  (FYI, another favorite browser app I use infrequently but LOVE when I need it is Photon…it’s a browser that lets me run flash based websites on my iPad or iPhone.)

You can find out which version of ios you’re on currently by going to Settings – General – Software Update”

Most websites store cookies responsibly…but some don’t.  The ones that don’t are called malicious or tracking cookies.  They store tracking code on your device that allow a history of your personal tastes and preferences to be compiled and then this information is sold to advertisers.  Wikipedia has a lot of great, easy to understand information about cookies.

If you’re on ios 9 and you want to see all the cookies that Safari is storing on your phone or iPad go to Settings – Safari then scroll to the bottom of the page and tap on Advanced – Website Data and wait for a short list to populate.  Below is a screenshot of the cookies on my iPad mini.  Notice at the top right that all the cookies on this iPad are using up 4.4 mb’s of storage.  If you tap on Show All Sites, a much longer list will be displayed.

Screenshot showing where cookies are stored on ios

You can and should periodically take a look at these and delete any cookies that you don’t recognize.  It pays to be liberal in choosing which cookies to delete.  You can’t really do much harm here because of you accidentally delete a cookie for a site that turns out to be fine by your standards, the cookie will be created and stored again as soon as you visit that site again.  The worst that can happen is that your login credentials will be removed but if you’re using Apple’s Keychain to store all your passwords they will remain in the keychain and Apple will ask you upon revisiting the site if you want those credentials to be entered automatically for you.

2 Ways to Delete Cookies

Manual Method

You can scroll through this list and just delete the cookies that you don’t recognize.  Any cookie that has the word ‘ad’ in it isn’t probably something you want.  Also ones that refer to ‘double click’ are also ad based tracking cookies you should get rid of.  Note that in my screenshot below right after I took this I deleted the 2 cookies named adsrvr.org and ispsurveys.website.  To do this tap on the word Edit at the top right to display a column of minus signs and then every time you encounter a cookie you don’t recognize just tap on the red minus sign next to its name and then on the word Delete when it appears.  See the screenshots below:

1st of 2 screenshots showing how to delete a cookie2nd of 2 screenshots showing how to delete a cookie

Automatically Delete All Cookies

If you want to wipe out all the cookies from here tap on the word Advanced at the top middle portion of your screen, then tap on Safari and then on the blue words ‘Clear History and Website Data.’   See the screenshot below:

Screenshot showing where to delete all cookies on ios 9

You might want to change more of the settings pertaining to how Safari manages your personal data while you’re at this screen in settings too.  You can see some of how I manage mine from the above screenshot.  You’ll note that I don’t block tracking cookies by turning on the Do Not Track button because I do actively manage my cookies…although probably not as frequently as I should!

What About Visiting Those Same Sites Using an App…Not Safari?  Are Cookies a Threat Then?

Frankly, I don’t know.  I’ve researched this a little (OK…not that much) and haven’t found a conclusive answer…especially as it pertains to this recently discovered security hole.  But what I can tell you is this.  Every time you are using a public WiFi your device is exchanging personal data, like your login credentials, with any site or service that you may happen to use…whether it’s doing this from Safari or from within an app is irrelevant…the data exchange occurs regardless.  So in essence,  using public WiFi’s is inherently more risky than using private ones like those at home or work…that’s assuming your work environment offers a secured network meaning one that you need to enter a password to join.

How to Stay on Top of Online Security News

Hacking has become public enemy #1.  There have never been as many threats as those we face today online.  This shouldn’t scare you, but it should help you recognize that learning enough about how to manage and keep your information secure is important.  

It’s a constantly changing playing field but there are tons of great resources at your disposal for staying abreast of the changes…my website is one of them.  You can subscribe to follow me and receive an email when I write something new.  Other sources that I use for this information are Dashlane, my password manager, which automatically alerts me when sites I use are breached, and Twitter.  I follow quite a few security sites offering the latest news on threats.  A few of those are:

Twitter accounts focusing on security:

  1. @HNTweets
  2. @briankrebs
  3. @schneierblog
  4. @taosecurity
  5. @Malwarebytes
  6. @ZDNet
  7. @StopMalvertisin
  8. @LightPointSec

About vsajewel

Hi...I'm the author of 2 main blogs on WordPress...vsatips...where I write tech tips for mobile devices...primarily ios...2nd is vsatrends...where I write less about tech things and more about everything else. I also host a YouTube channel which I use to better illustrate some of the 'how to's' in my posts. I love everything about technology. Currently, my main interests/platforms are ios, Windows and Amazon Echo. Recently I decided we were spending way too much money with our local cable provider. So I decided to cut the cord. There is a definite learning curve, especially the antennae part, but we successfully did that and are now saving a boatload of money, so I write some about that. I also am extremely conscientious about security because of an event my family endured , so I write a lot about that too. Two sub-categories of security I tend to focus on are the password manager Dashlane and Hardware Firewalls. Last, I take a lot of notes and have been a beta tester for Evernote for many years. I love Evernote! In recent years Apple has beefed up Apple Notes a lot...so it’s become a fairly serious note contender...as long as its OK if you lose or mess up all your Apple note data. I write about those 2 note platforms primarily.
This entry was posted in Apple, ios 9, Security and tagged , , , . Bookmark the permalink.

Please leave any comments or questions here and thanks for visiting!

This site uses Akismet to reduce spam. Learn how your comment data is processed.