An Apple iOS and OS X Secure Sockets Layer (SSL) software vulnerability that allows a malicious user or hacker to intercept and alter communications, including email and login credentials. The vulnerability allows anyone with a certificate signed by a “trusted CA” to perform a man-in-the-middle attack and intercept communication between the user’s Apple hardware and the intended recipient or website.
Apple Security Patches
Apple released a patch for devices including the iPhone (4 and later), iPod touch (5th generation) and the iPad (2nd generation). The SSL vulnerability has also been patched for OS X Mavericks. Websites, including this goto fail test site, will check whether your system is vulnerable if you visit the URL using the Safari browser.
A Simple Programming Error?
As reported on Wired, the iOS 7 bug is the result of a simple programming error where two “goto fail” lines appear, one after the other. The second line is a duplicate entry (a typo) that diverts the program's execution past a critical authentication check.