OS X and iOS vulnerable to man-in-the-middle attacks – update

Apple has released a patch for iOS that fixes a serious vulnerability in its SSL/TLS implementation. OS X, however, also appears to be vulnerable. The bug makes it possible to view data traffic that should be encrypted.

Apple has released updates for iOS 6 and 7, to versions 7.0.6 and 6.1.6. According to the manufacturer, there was a bug that made it possible for ‘an attacker with elevated network privileges to capture and change SSL/TLS-protected data’. The cause is said to lie in a failure to properly validate the authenticity of the connection, but the details are still scarce.

In other words, an attacker can view the HTTPS traffic of an unpatched iOS device over a computer network to which he is also connected. SSL/TLS is meant to protect especially sensitive data such as online banking, online purchases and webmail, but the encryption protocols are being applied on more and more sites. The newly surfaced bug is a danger especially when connecting to free public networks.

Multiple sources, such as the security company CrowdStrike, report, however, that not only iOS but also OS X contains the erroneous SSL/TLS implementation. According to Neowin, only HTTPS traffic to direct IP addresses is vulnerable, and not URLs with domain names. It is unclear which versions of OS X are affected, but according to Neowin Mavericks is affected in any case.

iPhone and iPad users are advised to update to the latest iOS version as soon as possible. It is further recommended to avoid connecting to networks whose reliability has not been established. Apple is expected to release an update for OS X, but this has not yet been announced.

Update, 15.30: The error is said to lie in a double ‘goto fail’ in the code. This would cause the check of whether the certificate matches the private key to be skipped, according to, among others, Adam Langley of Google.
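
A simplified illustration of the duplicated ‘goto fail’ pattern described in the update, shown beside a corrected form. This is an added example, not Apple's code: the function names, the `hash_update` stub and the string comparison standing in for signature verification are all assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in (assumption) for feeding handshake data into a hash. */
static int hash_update(const char *data) { return data ? 0 : -1; }

/* Stand-in (assumption): returns 0 only if the signature matches the certificate key. */
static int verify_signature(const char *sig, const char *cert_key) {
    return strcmp(sig, cert_key) == 0 ? 0 : -1;
}

/* Flawed: the second goto is unconditional, so verify_signature() is never
   reached and err still holds 0 (success) from the previous step. */
int check_key_exchange_flawed(const char *params, const char *sig, const char *cert_key) {
    int err;
    if ((err = hash_update("client_random")) != 0)
        goto fail;
    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;
    if ((err = verify_signature(sig, cert_key)) != 0)
        goto fail;
fail:
    return err;
}

/* Corrected: one goto per branch, with braces so a stray line cannot escape the if. */
int check_key_exchange_fixed(const char *params, const char *sig, const char *cert_key) {
    int err;
    if ((err = hash_update("client_random")) != 0) {
        goto fail;
    }
    if ((err = hash_update(params)) != 0) {
        goto fail;
    }
    if ((err = verify_signature(sig, cert_key)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    /* Constructed input: a signature that does not match the certificate key. */
    printf("flawed: %d\n", check_key_exchange_flawed("params", "forged", "server-key"));
    printf("fixed:  %d\n", check_key_exchange_fixed("params", "forged", "server-key"));
    return 0;
}
```

Compilers that warn on misleading indentation or unreachable code (for example `-Wmisleading-indentation` in GCC, `-Wunreachable-code` in Clang) flag the flawed variant, which makes such warnings a useful build-time check.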