SSL Vulnerability presents in iOS 7.1 beta and OS X Mavericks 10.9.2 Developer Preview
Apple released iOS 6.1.6 and iOS 7.0.6 to address an SSL vulnerability issue on Friday, February 21, 2014. According to reports, the same vulnerability presents in the current build of OS X Mavericks 10.9.1, OS X Mavericks 10.9.2 build 13C62 and iOS 7.1 beta build 11D5145e.
Based on goto fail; test Google Chrome, Mozilla Firefox and Camino on OS X are not affected by this vulnerability. Camino browser was no longer developed as of May 31, 2013.
Apple is expected to fix this SSL vulnerability issue in the upcoming build of iOS 7.1 and OS X Mavericks (10.91 and 10.9.2 Developer Preview).
John Gruber wrote a great post on Daring Fireball regarding this SSL vulnerability issue and NSA exploits on iOS.
According to Jeffrey Grossman’s tweet (Jeffrey903):
I have confirmed that the SSL vulnerability was introduced in iOS 6.0. It is not present in 5.1.1 and is in 6.0 /cc @markgurman
Tin foil hat might be handy, as a sleeper NSA agent might be working at Apple.