Last Updated: 2014-02-21 22:05:13 UTC
by Jim Clausing (Version: 1)
Apple sent out 3 bulletins and OS updates today (iOS 6.1.3, iOS 7.0.6, and Apple TV 6.0.2) all fixing a bug that would potentially allow SSL/TLS connections to be vulnerable to undetected man-in-the-middle attacks. All three updates share the same CVE number CVE-2014-1266. The Apple Security updates page does not yet appear to have the updates listed there, but they should be there shortly (may be there by the time you read this). If you have an Apple device running iOS 6 or 7 or Apple TV, you should probably apply these updates ASAP.
Ref: Apple Security Update page - http://support.apple.com/kb/HT1222
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu