In
the Apple security bulletin issued Friday night (Feb. 21), Apple said only, «An attacker with a privileged network position may capture or modify data in sessions protected by SSL / TLS... Secure Transport failed to validate the authenticity of the connection.
But the listed CVE number is not in
Apple's three most recent iOS
security bulletins, and given
Apple's occasional tendency to drag its heels on
security issues that it didn't discover itself, we'd give even odds that iPhones are not yet safe.