A newly-discovered flaw in some implementations of cryptographic protocols SSL and TLS — including those used by Apple’s Safari and Google’s Android AOSP browsers — could allow an attacker to force clients to use older, weaker encryption that would make it significantly easier to intercept secure communications.
Apple has promised to distribute a client-side patch for the issue on both iOS and OS X by next week, while the researchers who discovered the flaw — from INRIA, IMDEA, and Microsoft Research — have been working to notify hosts who still serve export ciphers.