Apple has released short of jailbreaking — without going all the way to iOS 7.0.6.) On the Apple TV, download the update in Settings > General > Software Updates > Update Software.,  (for the iPhone 3GS and fourth-generation iPod touch only), and , which you should update to immediately, as they fix a critical SSL/TLS vulnerability that could make it possible for your online accounts and financial information to be compromised. On iOS, you can download the updates in Settings > General > Software Update or update through iTunes. (Unfortunately, if you have resisted upgrading to iOS 7 on a device that otherwise supports it, there’s no way to close the vulnerability —
The vulnerability also affects Mac OS X, which remains unpatched as of this writing, but “very soon,” likely in OS X 10.9.2. In the meantime, we recommend avoiding the Safari Web browser, and instead using Google Chrome or Firefox, which are unaffected by the bug. You can check whether your browser is vulnerable by . Other Mac apps remain vulnerable until a general fix is released, and, if possible, it would be best to avoid unsecured public Wi-Fi networks as well, though the likelihood of significant exploits that take advantage of this vulnerability becoming widespread before Apple releases a fix are low.
The revolves around Apple’s code not checking signatures in TLS Server Key Exchange messages, which could allow an attacker to use  to spoof an SSL server.
Security analysts have determined that the vulnerability was in the operating system source code. Developer Jeffrey Grossman  that the vulnerability began in iOS 6.0, but did not exist in iOS 5.1.1, giving it a nearly 18-month history.
John Gruber of Daring Fireball cross-referenced the release date of iOS 6.0, 24 September 2012, with a leaked PowerPoint deck on the NSA’s PRISM program, which states that Apple was added to the program in October 2012. While Gruber says that, the NSA has been known to .