
ATTN: Massive security hole in iOS and OS X

Discussion in 'Technical Discussion' started by GerbilSoft, Feb 24, 2014.

  1. GerbilSoft

    RickRotate'd. Administrator
    A massive security hole was found in iOS (6.1/7.0) and Mac OS X (10.9) that results in certain fraudulent SSL certificates being accepted as valid by Apple's SSL library.

    This bug has been fixed in iOS 6.1.6 and 7.0.6 - if you have an iDevice, GET THE UPDATE NOW.

    This bug has not been fixed in Mac OS X 10.9 yet. If using 10.9 or 10.9.1, use Chrome or Firefox instead of Safari. Note that this bug also affects other Apple software that uses the SecureTransport library, including Mail.app.

    UPDATE [2014/02/25]: Mac OS X 10.9.2 is out, and it fixes the vulnerability. Get it now if you're using 10.9 or 10.9.1.

    Mac OS X 10.8.x and earlier are not affected. The vulnerability was introduced when Apple switched from OpenSSL to their own SSL library.

    To check if your system is vulnerable, go to https://gotofail.com/ .
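The flaw the post refers to is the duplicated `goto fail;` in SecureTransport's `SSLVerifySignedServerKeyExchange` (CVE-2014-1266): the second `goto` is unconditional, so the signature check on the server's key exchange is skipped while the error variable still holds the success code from the preceding hash update. The following is an added illustration, not code from the thread or from Apple; the hash and "signature" steps are constructed toy stand-ins (an XOR checksum compared byte-for-byte) that exist only so the verify step has something to check, and the `errSSLCrypto` value is assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Error codes modelled on SecureTransport's; the numeric value of
   errSSLCrypto is an assumption made for this example. */
enum { errSecSuccess = 0, errSSLCrypto = -9809 };

/* Constructed stand-in for the hash-update step: XOR all bytes together.
   It always succeeds, which is exactly what leaves err == 0 later. */
static int hash_update(const uint8_t *data, size_t len, uint8_t *digest) {
    uint8_t d = 0;
    for (size_t i = 0; i < len; i++)
        d ^= data[i];
    *digest = d;
    return errSecSuccess;
}

/* Constructed toy "signature": valid iff it equals the digest.
   Not a real signature scheme; it only gives the verify step a decision. */
static int verify_signature(uint8_t digest, uint8_t sig) {
    return (digest == sig) ? errSecSuccess : errSSLCrypto;
}

/* Vulnerable control flow mirroring the duplicated 'goto fail;'.
   The second goto is taken unconditionally, verify_signature() is never
   reached, and err still holds errSecSuccess from hash_update(). */
int verify_key_exchange_vulnerable(const uint8_t *data, size_t len, uint8_t sig) {
    int err;
    uint8_t digest;
    if ((err = hash_update(data, len, &digest)) != 0)
        goto fail;
        goto fail;            /* duplicated line: always executed */
    if ((err = verify_signature(digest, sig)) != 0)
        goto fail;
fail:
    return err;
}

/* Fixed control flow: every conditional body is braced, so a stray
   duplicated statement cannot silently escape its if. */
int verify_key_exchange_fixed(const uint8_t *data, size_t len, uint8_t sig) {
    int err;
    uint8_t digest;
    if ((err = hash_update(data, len, &digest)) != 0) {
        goto fail;
    }
    if ((err = verify_signature(digest, sig)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    /* Constructed sample message; its XOR digest is 0x06, so 0x00 is bogus. */
    const uint8_t msg[] = { 0x01, 0x02, 0x05 };
    uint8_t bogus_sig = 0x00;
    printf("vulnerable: %d (0 = accepted)\n",
           verify_key_exchange_vulnerable(msg, sizeof msg, bogus_sig));
    printf("fixed:      %d (0 = accepted)\n",
           verify_key_exchange_fixed(msg, sizeof msg, bogus_sig));
    return 0;
}
```

Two things catch this class of defect without any special tooling: a unit test that feeds the verify routine a deliberately bad signature and expects failure, and compiler warnings. GCC's `-Wmisleading-indentation` (part of `-Wall` since GCC 6) flags the indented second `goto`, and clang's `-Wunreachable-code` flags the now-dead signature check; GCC accepts `-Wunreachable-code` but has not implemented it for years, so do not rely on it there.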
     
  2. Aerosol

    Not here. Moderator
    I had a customer try to talk me out of updating their iPhone the other day. I should've let him.
     
  3. flamewing

    Emerald Hunter Tech Member
    I would advise caution about the upgrade -- it is critical and should be done, but there have been several reports of bricking caused by the upgrade (see here, or alternate). Go in with both eyes open, as the level of fail on Apple's part does not seem to be restricted to only the security flaw.
     
  4. Aerosol

    Not here. Moderator
    I doubly should've let him.
     
  5. Overlord

    Now playable in Smash Bros Ultimate Moderator
    Conspiracy theories are flying around of course, that this bug was deliberately snuck in under orders of the NSA. Then though there's the OTHER theory that this is being released now because there's one just been placed in the new update and this will force everyone to upgrade. The thing about it of course is that because of the complete removal of any trust the agency may once have had, there is absolutely no way to know if either of these is true. :tinfoil:
     
  6. LocalH

    roxoring your soxors Tech Member
    Ryan Petrich also released a Substrate tweak for those who are jailbroken and don't want to suffer a restore cycle.
     
  7. GerbilSoft

    RickRotate'd. Administrator
    Mac OS X 10.9.2 is out, and it fixes the exploit. GET IT NOW if you're using Mac OS X 10.9!

    EDIT: Looks like 10.7 and 10.8 are also affected. I don't see any updates for them on the Apple support website, though...