[Further update (23rd February): commentary and advice from Stephen Cobb at ESET, who also looks at the issues for OS X users – OS X has the same vulnerability and hasn’t been patched yet. Safari users might consider using Chrome or Firefox for the moment. He also includes a link to Crowdstrike’s blog which I intended to include here before, but it slipped my mind (my bad!) And John Gruber has thoughts On the Timing of iOS’s SSL Vulnerability and Apple’s ‘Addition’ to the NSA’s PRISM Program further to an earlier article on Apple’s SSL/TLS Bug.]
[Update: good commentary from Graham Cluley here.]
Provides a fix for SSL connection verification. Needs iPad 2 or later, iPhone 4 or later, iPod 5th gen.
Apple’s minimal security info here.
CVE-2014-1266 refers.
Seems to be fairly urgent according to The Register and ZDnet. (HT to Graham Cluley re that ZDnet link.)
David Harley
Small Blue-Green World
Mac Virus 
Leave a Reply