Apple’s latest software release, iOS 7.0.6, included a brief explanation saying that the update fixed a bug where “an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” Translation: update your iOS devices ASAP. OSX devices also have this problem, but Apple has not implemented a fix for them yet, much to the public’s chagrin.
What does this mean exactly?
SSL stands for Secure Sockets Layer, and it's what helps ensure that communication between your browser and your favorite websites' servers remains private and secure. TLS, or Transport Layer Security, is a more recent protocol that does basically the same thing, with TLS being marginally more secure. In brief, SSL/TLS is an encoded ‘language’ that lets browsers and servers interact securely, keeping your important information safe when you make an Amazon payment or log into your online bank account. Therefore, someone on the same network as you can potentially access your supposedly secure SSL/TLS transactions and information.
Since there is no OSX fix yet, Safari or one of the other affected applications can't actually know for sure if the servers it's talking to are who they say they are. This means everything you transmit online may be going through someone else before it gets to where you want it to go.
The person in the middle of the transaction intercepts the communication between your browser and a site, monitoring, recording, seeing everything that occurs between you. The SSL/TLS protocols normally do a good job making it not worth the effort of trying to get past them to intercept data, but this Apple bug makes it much easier.
Matthew Green, a Johns Hopkins cryptography professor, even went as far as to say that the situation is “as bad as you could imagine.”
No one is really sure how this happened and Apple isn't saying much. Theories are sprouting up everywhere, and range from plausible to tin-foil-hat status.
You can protect yourself by downloading iOS 7.0.6 right now if you have a newer iOS device, or iOS 6.1.6 if you've got a 3GS or an older iPod touch.
If you're using OSX, no luck yet. The vulnerability is still there, and now everybody knows about it, so criminals are going to be trying to take advantage of the opening while they can. There is an unofficial patch around but it's not exactly simple so tampering with that may not be a good idea unless you really know what you’re doing. A better idea for now is to use Chrome or Firefox, which aren't affected, since they’re not tied to the operating system. You should also stay on secure, trusted networks and be smart (no financial info, no transactions, no personal details) if you're on public networks. That's always a good idea but especially until this problem is fixed.
Check out Gizmodo for more complete info.