Today, Apple has released an update which addresses the SSL verification issues that were found in Mac OS X.
The patch was first found in iOS and was promptly patched with iOS 7.0.6 (and iOS 6.1.6 for those who aren’t on iOS 7). When Cryptography professor Matthew Green discovered that this weakness existed in both iOS and OS X, he said:
“It’s as bad as you could imagine, that’s all I can say. Without the fix, a hacker could impersonate a protected site and sit in the middle as email or financial data goes between the user and the real site.”
The major security flaw allowed hackers to intercept email and communications that are supposed to be encrypted. Assuming the attacker had access to the same network as the mobile or desktop user, they could view and change any traffic between the user and any protected website, like Facebook or Gmail.