@acfrazier Yes. Hex edit evasi0n to add 7.0.6 support. ;P
"I coded up a very quick test site at https://www.imperialviolet.org:1266. Note the port number (which is the CVE number), the normal site is running on port 443 and that is expected to work. On port 1266 the server is sending the same certificates but signing with a completely different key. If you can load an HTTPS site on port 1266 then you have this bug."
If I compile with -Wall (enable all warnings), neither GCC 4.8.2 or Clang 3.3 from Xcode make a peep about the dead code. That's surprising to me. A better warning could have stopped this but perhaps the false positive rate is too high over real codebases? (Thanks to Peter Nelson for pointing out the Clang does have -Wunreachable-code to warn about this, but it's not in -Wall.)
Don't worry. The security update used to patch Apple's iOS SSL authentication flaw will be delivered to you securely via a SSL connection.
« Older "If you were a sexually repressed British butler, ... | What happens when you ask actu... Newer »
Buy a Shirt