Updated – All better with 10.9.2
Kudos to Apple for its timely patch of iOS yesterday, revealing that a major vulnerability existed in SSL/TLS verification because of one itty bitty stray line of code. But, um, what about the ENTIRE desktop ecosystem that is OS X and betas of iOS!? Any time now, Apple.
Yesterday Apple released iOS update 7.0.6 alongside new builds for iOS 6 and Apple TV that it said provided “a fix for SSL connection verification.” While Apple didn’t provide much specific information on the bug, it wasn’t long before the answer was at the top of Hacker News. It turns out that minor security fix was actually a major flaw that could in theory allow attackers to intercept communications between affected browsers and just about any SSL-protected site using man-in-the-middle tactics. Not only that, but the bug is also present in current builds of OS X that Apple has yet to release a security patch for! No word yet on an ETA, but jamming that software update button–much like your floor in the elevator–isn’t going to yield results.
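How one stray line can switch off a signature check, as an added example that is not Apple's code and not part of the original post: the flaw became widely known as "goto fail" because the stray line was a duplicated `goto fail;`. The function names, the stand-in hash and signature helpers and the sample strings below are all hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the real hashing and signature primitives.
 * Both return 0 on success and non-zero on failure. */
static int hash_step(const char *data) { return data ? 0 : -1; }
static int check_signature(const char *sig, const char *expected) {
    return strcmp(sig, expected) == 0 ? 0 : -1;
}

/* Flawed shape: without braces, only the first goto belongs to the if.
 * The second one always runs, with err still 0 from the successful
 * hash step, so the signature check below is never reached. */
int verify_flawed(const char *params, const char *sig, const char *expected)
{
    int err;
    if ((err = hash_step(params)) != 0)
        goto fail;
        goto fail;                      /* the stray line */
    if ((err = check_signature(sig, expected)) != 0)
        goto fail;
fail:
    return err;                         /* 0 means "verified" */
}

/* Corrected shape: stray line removed, every branch braced. */
int verify_fixed(const char *params, const char *sig, const char *expected)
{
    int err;
    if ((err = hash_step(params)) != 0) {
        goto fail;
    }
    if ((err = check_signature(sig, expected)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    /* Constructed input: a signature that does not match the expected one. */
    printf("flawed accepts bad signature: %s\n",
           verify_flawed("params", "forged", "genuine") == 0 ? "yes" : "no");
    printf("fixed accepts bad signature:  %s\n",
           verify_fixed("params", "forged", "genuine") == 0 ? "yes" : "no");
    return 0;
}
```

Building with clang's `-Wunreachable-code` or GCC's `-Wmisleading-indentation` flags this pattern at compile time, and a test case that feeds the verifier a deliberately wrong signature catches it at run time.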