Feburary 25, 2014: Apple releases update for OS X
Update iOS NOW!
Apple has released an update to address a very serious security problem with iOS 7 and iOS 6. If you have an iPhone, iPod, or iPad install the update immediately.
Apple has not yet released an update for the OS X, though it promises one shortly. If you use Safari on Mac, consider using Firefox or Chrome instead (though this is not a guaranteed solution). This page will be updated when an OS X update is released.
The vulnerability affects the way SSL connections are verified. In other words the operating system is not able to determine if a connection to a secure website, i.e. banking, online shopping, Gmail, etc., is real. Attackers could impersonate a real website, tricking the user to enter their credentials; or an attacker could intercept and read the encrypted traffic between the user and the secure website.
- Krebs on Security: iOS Update Quashes Dangerous SSL Bug
- Apple: About the security content of iOS 7.0.6
- Sophos: Anatomy of a “goto fail” – Apple’s SSL bug explained
- The Register: Update your iThings NOW: Apple splats scary SSL snooping bug in iOS