No operating system is secure. There are always new holes being discovered in our favorite tools and operating systems. Apple’s Gotofail security flaw is very serious though. It was just a couple of days ago that we discovered that encryption in iOS had a major flaw. But iOS is not the only Apple product suffering from it. The bug also extends to OS X and apps like Mail, Twitter, FaceTime, iMessage, and Apple’s software update mechanism.
Privacy researcher Ashkan Soltani has posted a list of apps that rely on the vulnerable Apple SSL library. All these apps are vulnerable to the recently discovered man-in-the-middle vulnerability. The problem seems to have been caused by a goto statement that was used incorrectly. This is a nightmare for Apple and its fans. For its part, Apple is going to issue an update to fix this mess:
We are aware of this issue and already have a software fix that will be released very soon.
In the meantime, if you have an iOS device, you should update it as soon as possible. Those of you who have not patched your device yet should stay away from unsecured WiFi networks for now. The bug seems to have been in place for months. Whether the NSA or rogue engineers had anything to do with it is anybody’s guess at this point.