According to CNN, the SSL/TLS bug allows hackers to look into your Internet sessions through the “handshake” process between computers and web servers.
“Attackers can exploit this behavior so that they can decrypt and/or modify data in the communication channel,” says a blog post from the researcher who discovered the bug, Masashi Kikuchi.
Kikuchi noted that the vulnerability has been hiding on the web since OpenSSL’s first release more than 16 years ago.
“The biggest reason why the bug hasn’t been found for over 16 years is that code reviews were insufficient, especially from experts who had experience with TLS/SSL implementation. If the reviewers had enough experience, they should have verified OpenSSL code in the same way they do their own code. They could have detected the problem.”
Users of Internet Explorer, Safari, Firefox, and Chrome are not affected by the SSL/TLS MITM bug, though Android and Chrome for Android are vulnerable to the security flaw.