Apple released an update to iOS 7 recently to close a serious security hole in their secure web connection software.
The reported problem was that the security protocol "failed validate the authenticity of the connection."
What does this mean to me?
If I use my iPhone or iPad to connect to make a secure connection to a bank, internet retailer, etc.,or anything else (maybe webmail?), the "secure connection" actually wasn’t secure.
If you’re using a public (open, unencrypted) web site, like at the coffee shop, you are subject to a Man–in–the–Middle attack.
This is where you accidentally connect to someone’s wireless system or router instead of the the store’s router, then they spoof everything you see. They receive your request to go to the bank, they transmit it to the bank. They receive the bank’s response, they send it to you. Meanwhile, they record everything sent in both directions, getting your userID, password, credit card info, whatever is sent!
This is normally prevented by the secure SSL connection when you use an HTTPS connection. After all, that’s it’s purpose.
In this case, the problem is that Apple’s SSL implementation was flawed and did not properly validate the connection.
Apple released iOS 7.0.6 to fix the problem, and released an update for the Mac also. I haven’t seen anything mentioning whether this affected Safari on Windows, or not.
Get your Apple device updated now, if you have not already done so.