February 24th 2014
By Mike Flaminio
Kristin Paget on gotofail
WHAT THE EVER LOVING F**K, APPLE??!?!! Did you seriously just use one of your platforms to drop an SSL 0day on your other platform? As I sit here on my Mac I'm vulnerable to this and there's nothing I can do, because you couldn't release a patch for both platforms at the same time? You do know there's a bunch of live, working exploits for this out in the wild right now, right? Your advisory is entirely focussed on iOS so we know nothing of OS X yet (other than the fact that the exploits work) - could you tell us what in OS X is vulnerable? Is Mail.app vulnerable? Should I be worried about malicious SSL/TLS mailservers? How about your update system itself - is that vulnerable?
Come the hell on, Apple. You just dropped an ugly 0day on us and then went home for the weekend - goto fail indeed.