Triple-handshake flaw stalks Macs and iThings
Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs. The so-called "triple handshake" flaw quietly emerged yesterday amid panic over OpenSSL's Heartbleed vulnerability, and soon after the embarrassing "goto fail" blunder in iOS and OS X. Apple's "triple handshake" bug [CVE-2014-1295, advisory] is unrelated to Heartbleed, and nothing like as serious, according to security experts. For one thing, Heartbleed is a problem...