The severity of the bug was significant enough for Apple to issue an iterative update to its more popular iOS 7 software — with version 7.0.6, released on Friday — instead of waiting for a larger update as the company does with minor or insignificant design changes.
Such attacks would undermine the encryption between the user and a website, allowing financial or password data to be collected and used against the individual.
The bug, disclosed by security researchers shortly after the iOS update, drew suspicion from the hacker community for being a simple mistake.
Some believed the bug either indicated poor quality assurance on Apple's part or, in the age of U.S. government surveillance disclosures, was perhaps the result of infiltration or a deliberately created weakness.
A fix, which will be pushed through OS X's automatic update facility, will likely be issued this week to address the issue. The flaw has been present for months, according to researchers who tested earlier versions of the desktop and notebook operating system.
Daring Fireball's John Gruber, an Apple expert and insider, questioned in a blog post on Saturday whether or not this had been exploited by the NSA.
He suggested there was "purely circumstantial" evidence to suggest the NSA had access to secure data through the controversial leaked PRISM program, whereby Apple was "added" in October 2012, just one week after iOS 6 — the first version of the mobile software that contained the bug. "But the shoe fits," he added.
Matthew Green, a cryptography teacher at Johns Hopkins University, wrote on Twitter on Friday that he was "sure the Apple bug is unintentional." "But man, if you were trying to sneak a [vulnerability] into SSL, this would be it," he added.
ZDNet's testing showed that the pre-release version of iOS 7.1 (beta 5), which is expected to land in mid-March, contains the flaw, according to a website which tests whether or not the bug exists.