Encryption vulnerability on Apple iOS and Mac OS
Aloha_Shooter
02-24-2014, 23:58
Update your iThings NOW: Apple splats scary SSL snooping bug in iOS
http://www.theregister.co.uk/2014/02/21/apple_patches_ios_ssl_vulnerability/
Apple promises fix 'very soon' for Macs with failed encryption
http://www.reuters.com/article/2014/02/22/us-apple-encryption-idUSBREA1L10220140222
Upshot is that both iOS and Mac OS have a problem with how they implement SSL. There is a patch out for iOS, they are working on one for Mac OS X. Firefox and Chrome use different approaches to security so you can use them to browse safely until Apple issues the Mac OS X patch.
KestrelBike
02-25-2014, 00:49
Thx for the upshot! Informative and concise.
The patch is for Safari, but apparently there are other components that also contain the bug:
Apple's 'Gotofail' Security Mess Extends To Mail, Twitter, iMessage, Facetime And More (http://www.forbes.com/sites/andygreenberg/2014/02/23/apples-gotofail-security-mess-extends-to-mail-twitter-imessage-facetime-and-more/)
First, Apple revealed a critical bug in its implementation of encryption in iOS, requiring an emergency patch. Then researchers found the same bug is also included in Apple’s desktop OSX operating system, a gaping Web security hole that leaves users of Safari at risk of having their traffic hijacked (http://www.forbes.com/sites/andygreenberg/2014/02/22/stop-using-safari-and-update-ios-to-avoid-apples-critical-gotofail-security-bug/). Now one researcher has found evidence that the bug extends beyond Apple’s browser to other applications including Mail, Twitter, Facetime, iMessage and even Apple’s software update mechanism.
On Sunday, privacy researcher Ashkan Soltani posted a list of OSX applications on Twitter (https://twitter.com/ashk4n/status/437650438079672320/photo/1) that he says he’s determined use Apple’s “secure transport” framework, the coding library that developers depend on to build programs that securely communicate online using the common encryption protocols TLS and SSL. The full list, which isn’t comprehensive given that Soltani only analyzed the programs on his own PC, is shown below. (Soltani has underlined the vulnerable application names in red.)
http://blogs-images.forbes.com/andygreenberg/files/2014/02/Screen-Shot-2014-02-23-at-4.57.40-PM-e1393192763707.png
Privacy researcher Ashkan Soltani's list of OSX applications that use Apple's vulnerable implementation of SSL and TLS encryption.
This is un-possible since we all know Macs are invincible! Boo Windows & Android!!!!
Rooskibar03
02-25-2014, 17:53
If I recall reading correctly this has been around for a very long time, just now being addressed so your data has long since been stolen.
I've seen the actual error in the code, and it's a rookie coder mistake. The fact that Apple has known about it for at least a couple of years, and done nothing until now, makes me wonder if it was a mistake at all... or (donning tinfoil hat) perhaps a deliberate backdoor inserted at the request of some alphabet agency?
Aloha_Shooter
02-25-2014, 18:43
It's been in since 10.8, that doesn't mean Apple knew about it since then.
Here's a look at the offending code. The last coding I did was in BASIC about 30 years ago, but it's pretty obvious where the error is to me.
http://www.wired.com/threatlevel/2014/02/gotofail/
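The coding slip behind "gotofail", as an added illustration that is not part of this thread and not Apple's code: a toy model of the signature-check function, where one duplicated `goto fail;` line skips the verification step, shown beside the braced form that does not have that failure mode. The hash, the error codes and the signed-parameter string are constructed stand-ins.

```c
typedef int OSStatus;
enum { errSecSuccess = 0, errSSLCrypto = -1 };  /* constructed codes, not Apple's */

/* Constructed stand-in for the hash-update step (a toy hash, not SHA-1). */
static OSStatus hash_update(unsigned *ctx, const char *data) {
    for (; *data; data++) *ctx = *ctx * 31u + (unsigned char)*data;
    return errSecSuccess;
}

/* Constructed stand-in for the signature check: valid only if the
 * signature equals the hash over the signed parameters. */
static OSStatus verify_signature(unsigned hash, unsigned sig) {
    return hash == sig ? errSecSuccess : errSSLCrypto;
}
/* The signature a legitimate server would present in this toy model. */
unsigned expected_sig(const char *params) {
    unsigned h = 0;
    hash_update(&h, "client_random");
    hash_update(&h, params);
    return h;
}

/* Vulnerable shape. The second 'goto fail' belongs to no 'if', so once the
 * update succeeds it jumps to fail: with err still 0 and verify_signature()
 * is never called: every signature, forged or not, is accepted. */
OSStatus verify_gotofail(const char *params, unsigned sig) {
    OSStatus err;
    unsigned hash = 0;
    if ((err = hash_update(&hash, "client_random")) != 0)
        goto fail;
    if ((err = hash_update(&hash, params)) != 0)
        goto fail;
        goto fail;                          /* the duplicated line */
    if ((err = verify_signature(hash, sig)) != 0)
        goto fail;
fail:
    return err;
}

/* Corrected shape: braces make every jump conditional, so a stray line
 * cannot silently become unconditional, and the check is reached. */
OSStatus verify_fixed(const char *params, unsigned sig) {
    OSStatus err;
    unsigned hash = 0;
    if ((err = hash_update(&hash, "client_random")) != 0) { goto fail; }
    if ((err = hash_update(&hash, params)) != 0) { goto fail; }
    if ((err = verify_signature(hash, sig)) != 0) { goto fail; }
fail:
    return err;
}
```

Compiling the vulnerable function with clang's `-Wunreachable-code` flags the dead `if` after the duplicated jump, which is the kind of warning that would have caught this at build time.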
clublights
02-26-2014, 03:29
Apple has released updates for OS X to correct this issue.
The upgrade is great.... Now I can't sync it with iTunes on my win8 machine anymore. Guess I'll have to pull out the old laptop. Yay