To all Apple users that I know (and any others that stumble across this article),
It is rather imperative that you upgrade your iOS and OS X devices as soon as possible. Perhaps even right now, before you finish reading why. Your network communications are at risk!
Apple’s SSL implementation has a rather simple, yet critical flaw in it that allows an attacker to intercept ALL of your encrypted (HTTPS and other SSL) communication. All iOS apps are vulnerable (Calendar, FaceTime, iBooks, Keynote, Mail, Safari, Software Update) as well as third-party apps, such as Facebook and Twitter. Some apps, like Chrome, are not affected by this; nonetheless, it is of supreme importance that you update your devices!
- You should make sure that your iOS 7 devices are updated to 7.0.6, as this fixes the bug.
- For iOS 6, Apple released an update to 6.1.6 for the iPhone 3GS and fourth-generation iPod touch.
- OS X 10.9 should be updated to 10.9.2 to fix the bug.
- Any OS X version before 10.9 will not have this issue.
DO NOT update over, or connect to, any public wireless (WiFi) network if you have not patched, as doing so puts ALL of your data at risk.
Please refer to the Apple Knowledgebase page on updating your iPhone, iPad, or iPod touch for information on how to update your devices.
This security flaw in the SSL library causes all SSL verification to return as secure, because part of the check is bypassed. For those who are interested, you can see the offending file (sslKeyExchange.c via Apple OpenSource) or read more about the issue on the Apple Knowledgebase.
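To show how a check can be partially bypassed and still report success, here is an added, simplified illustration of the duplicated `goto fail;` pattern that gave the bug its name. It is not Apple's code from sslKeyExchange.c, and the function names (`hash_step`, `verify_signature`, `verify_flawed`, `verify_fixed`) are hypothetical.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the steps of a signature check (not Apple's
   functions). Each returns 0 on success, nonzero on failure. */
static int hash_step(void) { return 0; }
static int verify_signature(int sig_valid) { return sig_valid ? 0 : -1; }

/* Flawed shape: the second `goto fail;` is not governed by the `if`, so it
   always runs. err is still 0 from the hash step that just succeeded, and
   the signature verification below is never reached. */
int verify_flawed(int sig_valid)
{
    int err;
    if ((err = hash_step()) != 0)
        goto fail;
    if ((err = hash_step()) != 0)
        goto fail;
        goto fail;                      /* unconditional jump */
    if ((err = verify_signature(sig_valid)) != 0)
        goto fail;
fail:
    return err;                         /* 0 tells the caller "verified" */
}

/* Corrected shape: every branch is braced and the stray jump is gone, so
   the signature verification always executes. */
int verify_fixed(int sig_valid)
{
    int err;
    if ((err = hash_step()) != 0) {
        goto fail;
    }
    if ((err = hash_step()) != 0) {
        goto fail;
    }
    if ((err = verify_signature(sig_valid)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    /* Constructed input: 0 = a signature that does not verify. */
    printf("flawed, bad signature: %d\n", verify_flawed(0));
    printf("fixed,  bad signature: %d\n", verify_fixed(0));
    return 0;
}
```

Compiler warnings such as GCC's `-Wmisleading-indentation` or Clang's `-Wunreachable-code` flag this shape at build time.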
After you have patched, you can visit http://gotofail.com to see if your device has been properly patched.