Days after releasing a new version of its iOS mobile device operating system to address a flaw that could enable man-in-the-middle attacks, Apple Inc. has released a patch to address the same vulnerability in several iterations of its
OS X version 10.9.2 addresses 31 unique issues, including the "gotofail" bug, named after the coding error in Apple's software that spawned the vulnerability.
According to the SANS Internet Storm Center and other experts, the bug makes SSL/TLS sessions vulnerable to man-in-the-middle attacks.
On Friday the Cupertino, Calif.-based vendor released iOS 7.0.6 for iPhone 4, later fifth-generation iPod touch devices, and iPad version 2 and later. It also released a separate patch for its Apple TV product. According to Apple, until the patch is installed, an attacker with a privileged network position may be able to capture or modify data in SSL/TLS sessions.