Originally shared by +Elie Bursztein
You MUST upgrade your iOS and OSX devices NOW to secure your network communications.
Apple's SSL implementation is flawed and allows an attacker to intercept ALL encrypted (HTTPS) communication. All iOS apps are vulnerable (Safari, Facebook, Google+, Mail…). On OSX, Safari and many other apps are also affected. Chrome is not affected on OSX.
Please, it is very important that you upgrade now, as this vulnerability was made public last night. In particular, DO NOT connect to a public WiFi with an unpatched device.
To test if your device is vulnerable you can use the public website: https://gotofail.com
Help spread the word by re-sharing or +1'ing this post to ensure everyone promptly patches their devices.
For those interested in the technical details:
Apple's cryptic patch notes (http://support.apple.com/kb/HT6147) refer to a bug introduced in libsecurity_ssl, which is the SSL library used by Apple (http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c). This bug led the SSL library to not properly check the hostname associated with a given SSL cert, which allows an attacker to easily snoop on any HTTPS site.