Has goto fail been fixed yet?
On Feb. 25, 2014, 93 hours after patching the bug on
iOS, Apple finally released
a security update for OS X. The release notes for the OS X Mavericks v10.9.2
update do not mention a patch for the SSL/TLS bug, but another set of notes contain
information about the security content of 10.9.2 and Security Update 2014-001.
On Feb. 21, 2014, Apple pushed a security update for iOS to
patch a bug in its
implementation of SSL/TLS. Without the security update, an attacker could easily listen in
while you send emails, update your calendar, tweet, use Facebook, or check your bank
account on a shared network, such as a public WiFi at a library or coffee shop.
Apple did not say how long the bug has been around for, but it was
somewhere between iOS 6.0.0 (released Sept. 2012) and 6.1.3 (released Mar. 2013).