OSX 10.9.2 fixes "goto fail;" SSL vulnerability

Apple have just released OS X 10.9.2, fixing among other things the "goto fail;" SSL vulnerability.  The bug also affected iOS 7 - a fix was released earlier with the release of iOS 7.0.6. Everyone running OSX 10.9 "Mavericks" and iOS 7 should upgrade immediately to these releases. The technical details of the SSL vulnerability have been discussed in an excellent writeup by Adam Langley.  The vulnerability is caused by a failure to correctly validate the signature of a presented certificate. This allows any private key to be used with any certificate, creating an avenue for man-in-the-middle attacks.

A website designed to test vulnerability to the bug is available at https://gotofail.com/.

The bug is formally known as CVE-2014-1266.