On Friday, Apple quietly released iOS 7.0.6, explaining in a brief release note that it fixed a bug in which "an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS." That's the understated version. Another way to put it? Update your iPhone right now.
Oh, and by the way, OS X has the same issues—except there's no fix out yet.
Update, 2/25/14: Apple just released OS X 10.9.2, which patches the security flaw described below. Go download it from the App Store right now, preferably over a secure network.
If you understand what that release note meant in full, chances are you were first in line for the iOS update. If it reads like a deleted scene from Sneakers, here's what it means for you and your Apple devices.
What Is SSL?
SSL stands for Secure Sockets Layer, and it's what helps ensure that communication between your browser and your favorite websites' servers remains private and secure. TLS, or Transport Layer Security, is a more recent protocol that does essentially the same thing. In brief, SSL/TLS is a cryptographic protocol that lets a browser and a server know they are who they say they are, a secret digital handshake that keeps your financial information safe when you make an Amazon payment or log into wellsfargo.com.
This all happens in the background; your only direct interaction with SSL/TLS is when you notice the lock icon in your search bar has clamped shut. That means you've got a direct, private, secure line.
The Apple bug in question—which, again, has been patched in iOS but not yet in OS X, though Apple tells Reuters that fix is coming "very soon"—means that Safari or one of these other affected applications can't actually know for sure if the servers it's talking to are who they say they are. Which leaves you and everything you transmit over the web vulnerable to a man-in-the-middle attack.