The flaw affects SSL when the device or OSX system communicates on the Internet via an unsecured wireless network, and only if you are using Safari (in the case of OSX).
Here's some detail from a Network World article:
http://www.networkworld.com/news/2014/0 ... ce=nww_rss
I was a bit worried, until I got more detail, then I quit worrying. My home network uses a secured wireless, and I use Firefox with a number of add-on tools on my laptop, especially when traveling or accessing open wireless at Starbucks. While this is a critical issue regarding SSL, it isn't world-ending and only really affects iOS and OSX users accessing open, unsecured wireless.
The flaw, it turns out, is an extra code line in an if-statement containing the "goto fail" that causes the if-statement to fail all conditions. Somehow, the errant line was overlooked in code review and wasn't caught in compile.
It looked something like this:
- Code: Select all
if something-or-other then do-something-or-other else
if something-or-other-more then do-something-more else
It's been an interesting weekend keeping up with this one.