Full story:
http://www.theregister.co.uk/2014/02/25/apple_mac_os_x_10_9_2_ssl/This was back in February.
Update your Mac NOW: Apple fixes OS X 'goto fail' SSL spying vuln
Guys, Patch Tuesday is for Microsoft and Adobe, this should have been Patch Friday
It is more than an Apple;e thing. Bad SSL can hurt anybody.
It also just so happens to snap shut a gaping security vulnerability that potentially allowed hackers to hijack users' bank accounts, read their email, steal their passwords, and compromise other SSL-encrypted communications.
On Friday afternoon, the Cupertino giant updated iOS 7 and 6 for iPhones, iPods, iPads, and Apple TVs to squash a flaw that knackered the integrity of SSL connections: a programming bug caused Apple's SSL code to skip over vital checks of a server's authenticity when establishing a connection. Apps affected by the flaw were left with no way to securely prove who they were talking to over the network.
It is a common practice for a computer program to just skip over something looking like a 'glitch' and just go a head with an operation. With SSL, that is a stupid mistake.
The article shows a bit of code and adds:
Visiting gotofail.com, a reference to the above code *censored*-up, will test whether your web browser correctly rejects a malicious SSL certificate, rather than blindly trust the server is what it says it is.
Many are blaming Apple. But the implication is much greater. Here is a general article on what SSL is and why it matters.
Transport Layer Security SSL
