If it wasn't yet clear to Apple that its 'gotofail' security flaw has the undivided attention of the information security industry, one of its own recently departed star engineers just spelled out the severity of that bug in highly profane terms. "WHAT THE EVER LOVING F**K, APPLE??!?!!" wrote former Apple security [...]
Paget, a well-regarded researcher who left her position on Apple’s security team for a job at Tesla earlier this month, wrote perhaps the most scathing critique yet of the company’s security response to its “gotofail” bug, which would allow a wide array of Apple programs’ SSL-encrypted communications to be hijacked, eavesdropped on or corrupted. The vulnerability, nicknamed for the single misplaced “goto” command in Apple’s code that caused it, was patched Friday for iOS.
But researchers quickly found that it affected Apple’s desktop OS X software as well, and the company has yet to fix the desktop version of the bug.