goto fail
Apple shipped iOS 7.0.6 on Friday with the fix for CVE-2014-1266. The bug is one line: a duplicated "goto fail;" that has, for eighteen months, made iOS and OS X TLS connections fail to validate server certificates.
Apple shipped iOS 7.0.6 on Friday with the fix for CVE-2014-1266. The bug is one line: a duplicated "goto fail;" that has, for eighteen months, made iOS and OS X TLS connections fail to validate server certificates.
Flashback has put approximately six hundred thousand Macs into a botnet over the past month, which is the structural end of "Macs don't get viruses" as a defensive position. Apple's six-week Java patch lag is the part worth recording.