Explaining Apple’s SSL/TLS Bugfix imperialviolet.org

Adam Langley explains yesterday’s rather critical iOS 7.0.6 update:

Yesterday, Apple pushed a rather spooky security update for iOS that suggested that something was horribly wrong with SSL/TLS in iOS but gave no details. Since the answer is at the top of the Hacker News thread, I guess the cat’s out of the bag already and we’re into the misinformation-quashing stage now.

Great explanation of a very worrying — and surprisingly subtle — bug. Since OS X and iOS share development these days, this bug also affects OS X 10.9; expect to see a patch for that soon.