Among the list of vulnerable apps and services are Mail, Twitter, Facetime, iMessage, iBooks and Apple's software update mechanism.
At the heart of the problem is Apple's "'secure transport' framework, the coding library that developers depend on to build programs that securely communicate online using the common encryption protocols TLS and SSL."
Ashkan Soltani, a privacy researcher well known for analyzing documents leaked by Edward Snowden for the Washington Post, released the list of vulnerable apps. The researcher says if someone wanted to they could "fake that verification [of how Apple authenticates their secure connection with servers] and hijack or corrupt traffic using what's known as a "man-in-the-middle" attack."
The most disturbing revelation is the fact that Apple's update application is compromised. The update application is the mechanism that pushes security patches and more to OS X devices. At worst, malware could be pushed to victim's Macs.
Here are some of the apps which rely on the vulnerable Apple #gotofail SSL library beyond Safari /cc @a_greenberg pic.twitter.com/ombDOOa01A
-- ashkan soltani (@ashk4n) February 23, 2014