Apple iOS 7.04 Fixes App Store Purchase Flaw

Apple has released a new fix for iOS 7–no, it doesn’t roll your phone back to iOS 6–that patches a vulnerability that enabled a user to make app or in-app purchases without needing to enter a password.

The release of iOS 7.04 marks the third update of the iPhone operating system in the short time since Apple pushed out iOS 7 in September. The new OS represented a major change from the older operating systems, both in the look and feel of the software and in its functionality. There’s much zooming in and out and all about in iOS 7, as well as a blurry background that has drawn quite a bit of criticism.

iOs 7 also was a major security release, fixing issues with the iPhone’s certificate trust policy as well as remote code-execution vulnerabilities in the CoreGraphics and CoreMedia components. Quickly following the release of iOS 7 researchers discovered a method for bypassing the passcode lock on the iPhone using two different methods. Apple ended up fixing those in point releases in October.

Now, the company has pushed out another patch for iOS 7, this one with a single security fix.

“A signed-in user may be able to complete a transaction without providing a password when prompted. This issue was addressed by additional enforcement of purchase authorization,” the Apple advisory says.

To update, iPhone users can go to their Settings and install the software update.

Image from Flickr photos of Klaus.

Suggested articles


  • Noelene on

    I updated my phone. Since then the icons at the bottom don't work and I cannot get a keypad, I can't look up my contacts or access voicemail. I can see missed calls but the edit button doesn't work and the little i buttons at the edge of my screen don't work. Is there any fix for this. I really need to be able to be able to access the keypad to use the phone.
  • Jo on

    Upgraded to 7.04. I am now able to access Siri from the locked screen. How do I fix this?
  • J&j on

    Siri can allow you to interact with your iOS Device without needing to unlock it. If you have enabled a passcode on your iOS Device and would like to prevent Siri from being used from the lock screen, you can tap Settings, tap General, tap Passcode Lock and turn the Siri option to “off”.
    • Jo on

      I have the newest update and although I have gone to settings to prevent Siri from being available when screen is locked, Siri is still able to be activated. Seems to be a software issue.
  • Mike on

    Does the release of IOS 7.04 fix the man-in-the-middle vulnerability of iMessage?

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.