Apple SSL implementation is flawed and allows an attacker to intercept ALL encrypted (HTTPS) communication. Every iOS Apps are vulnerables (Safari, Facebook, Google+, Mail...) . On OSX and Safari and many other apps are also affected. Chrome is not affected on OSX.
Please it is very important that you upgrade now as this vulnerability has been made public last night. In particular DO NOT connect to a public WiFi with an unpatched device.
To test if your device is vulnerable you can use the public website: https://gotofail.com
Help spread the word by re-sharing or +1 this post to ensure everyone promptly patch their devices.
For those interested in the technical details:
Apple cryptic patch notes http://support.apple.com/kb/HT6147 After refers to a bug introduced in libsecurity_ssl which is the SSL library used by Apple (http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c). This bug lead the SSL library to not check properly the hostname associated with a
given SSL cert which allows an attacker to easily snoop on any HTTPS site.
It ran OK for a month or so after I received it, but then became utter garbage after the first OTA. I felt that 4.3.1 ran OK, but now I'm on the latest and once again, I want to chuck it through a window every time I pick it up. Clean wipe every time.
I have a Nexus 5 now and that makes it even worse. :)
- University of Southern Maine1989 - 1994
HomeBrewTalk.com - Beer, Wine, Mead, & Cider Brewing Discussion Comm...
A home brewing beer and wine making civilized discussion community. Also with beer/wine/mead/cider discussion, beer reviews, pub talk, and g
HARDOCP - HardOCP Computer Hardware Reviews and News
Online magazine that offers news, reviews, and editorials that relate to computer hardware, software, modding, overclocking and cooling
FinalGear.com :: There's Fifth Gear, There's Top Gear, And Then There Is...
The #1 Top Gear and Fifth Gear fansite featuring episode guides, torrent links, great forums, breaking news, and more.