Behind iPhone’s Critical Security Bug, a Single Bad ‘Goto’

24 February 2014 · Apple

Kevin Poulsen, reporting for Wired:

Apple released iOS 7.0.6 yesterday to patch the bug in its implementation of SSL encryption — the internet’s standard defense against eavesdropping and web hijacking. The bug essentially means that when you’re e-mailing, tweeting, using Facebook or checking your bank account from a shared network, like a public Wi-Fi or anything tapped by the NSA, an attacker could be listening in, or even maliciously modifying what goes to your iPhone or iPad.

As someone that has tried his hand at programming, I know all too well how easy it is to create bugs and how hard it can be to then identify and correct them. That said, it’s astounding that this wasn’t identified sooner by Apple and their army of engineers. If there’s one area where you would assume they thoroughly check and test their code, it’s the low-level security frameworks.

Update your iOS devices to 7.0.6.