February 23, 2014
MarkBernstein.org
 

Security

Someone at Apple – possibly an NSA mole or possibly just an inattentive programmer – made a mistake and left a security hole in iPhone and Macintosh software. The new iPhone update closes the hole; a Mac update is doubtless en route.

Here’s the code. The key passage is:

if(…the certificate checks out…) 
     goto fail;
     goto fail;

Things to keep in mind: