Apple devices are subject to a bug in a core crypto library where one line of errant code – the self-describing bug “goto fail;” – causes SSL connections to be untrustworthy.
IOS systems have a patch (and you should upgrade now); we’re waiting for the OS X hotfix.
Some good analysis on Twitter of late, and this article on Wired: Behind iPhone’s Critical Security Bug, a Single Bad ‘Goto’ –
Apple released iOS 7.0.6 yesterday to patch the bug in its implementation of SSL encryption — the internet’s standard defense against eavesdropping and web hijacking. The bug essentially means that when you’re e-mailing, tweeting, using Facebook or checking your bank account from a shared network, like a public WiFi or anything tapped by the NSA, an attacker could be listening in, or even maliciously modifying what goes to your iPhone or iPad.
How to test if you are at risk? The aptly named gotofail.com has a simple and non-destructive test.
"goto fail;" may be the world's first self-describing bug.
— matt blaze (@mattblaze) February 23, 2014