Apple Decides That Dead Silence Is The Best Way To Address Major Encryption Flaw On OS X
Apple on Friday issued an update that fixed a rather severe vulnerability in their SSL/TLS implementation in iOS. In short, the flaw allowed any hacker the ability to intercept data during supposedly secure and encrypted transfers when using an iPhone, iPad or iPod Touch on a public network. Estimates suggest that the vulnerability was introduced in iOS 6.0 back in September 2012 (Apple was added as a PRISM partner in October 2012, utterly circumstantial but just sayin'). After some reverse engineering of the patch, people discovered it overhauled some fairly major portions of iOS.
The bigger problem is they discovered during that analysis it also impacts Apple laptops and desktops running Apple’s OS X (there's a few of those out there). The original bug existed for some time before being detected, and at the moment there's not only no fix in place for laptop and desktop users, but Apple hasn't issued any statements warning customers that everything they do at the coffee shop is potentially exposed.