Apple have recently announced the existence of a vulnerability in iOS devices. On the same day, the company released a fix for the problem.
Unfortunately, Apple failed to release a fix for the problem in Mac OS X, the operating system used by most Apple laptops and desktop computers.
What is the issue?
The vulnerability is down to a simple typo, an extra "goto fail" in the code. The extra goto is in a part of the code that deals with secure connections. When the code tries to check a connection's digital signature, it runs into the "goto" and never confirms the signature.
In theory, this would allow your secure connections to be spied upon, your log-in details taken and false information sent back. This is very serious, especially when activities such as online banking are taken into account.
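A simplified C illustration of how a duplicated "goto fail" skips the signature check, alongside the corrected form. This is an added example, not Apple's actual code; hash_step, signature_matches and the sample strings are constructed stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the real steps (assumptions); 0 means success. */
static int hash_step(const char *data) { return data ? 0 : -1; }
static int signature_matches(const char *sig)
{
    return strcmp(sig, "valid-signature") == 0 ? 0 : -1;
}

/* Buggy shape: without braces, only the first goto belongs to the if.
 * The duplicate always runs and jumps to fail while err is still 0. */
int verify_buggy(const char *data, const char *sig)
{
    int err;
    if ((err = hash_step(data)) != 0)
        goto fail;
        goto fail;                              /* extra line: always taken */
    if ((err = signature_matches(sig)) != 0)    /* never reached */
        goto fail;
fail:
    return err;                                 /* 0 even for a bad signature */
}

/* Corrected shape: duplicate removed, braces make the scope explicit. */
int verify_fixed(const char *data, const char *sig)
{
    int err;
    if ((err = hash_step(data)) != 0) {
        goto fail;
    }
    if ((err = signature_matches(sig)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    /* "forged" is a constructed sample of an invalid signature. */
    printf("buggy, forged signature: %d\n", verify_buggy("msg", "forged"));
    printf("fixed, forged signature: %d\n", verify_fixed("msg", "forged"));
    printf("fixed, valid signature:  %d\n", verify_fixed("msg", "valid-signature"));
    return 0;
}
```

Compilers can flag this pattern: recent GCC reports misleading indentation under -Wall, and Clang's -Wunreachable-code reports the dead signature check.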
Are you vulnerable?
Visit the site gotofail.com to check your status.
- Green - You are safe
- Orange - Your browser is safe but some apps may be at risk
- Red - The bug exists in your browser and you are at risk.
The bug appeared in September 2013.
Recent versions of iOS 7 and iOS 6 may have the fault.
OS X Mavericks also has the bug.
What you should do
Updates have been released for iOS 7 and iOS 6, so simply update these from your iPhone.
Go to Settings -> General -> Software Update.
A word of warning: Apple are only providing the iOS 6 update to devices that cannot run iOS 7 (e.g. iPhone 3). This means you'll be forced to update your iPhone 4 or 4S, even if you originally preferred to stay with iOS 6.
No fix has been released for OS X Mavericks, though one is promised soon.
If you use Mountain Lion or an older OS, you should be safe. If you're using Mavericks it is recommended not to use Safari, as Chrome and Firefox have their own built-in security verification code.