The Apple security flaw is gaping, serious, should have been found, and gives one seriously to wonder if it was accidentally on purpose created for NSA. Apple of course doesn’t do apologies. Thus we can probably expect a snarling non-apology apology like Jobs did with the iPhone 4 antenna problem.
a) Update your Apple device immediately. Do it now. Seriously. Now.
b) It’s sadly becoming clear that through incompetence, lack of concern for end users, and/or collusion with NSA that hardware and software company can not be trusted. None of them. Deal with it.
c) The offending code was a “goto” statement. A goto statement??? In Computer Science 101 we were told we would be flogged if we used gotos because they lead to terrible, hard to debug code.
On Friday, Apple quietly released iOS 7.0.6, explaining in a brief release note that it fixed a bug in which “an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” That’s the understated version. Another way to put it? Update your iPhone right now.