Adam Langely, security researcher and part of Google’s security team, notes that this is affects Safari on both iOS and OSX, and that it breaks SSL completely.

We expect that Apple will address this issue in short order but the fact that they occurred in the first place, is more alarming. With enterprise security (and consumer security) always a highly sensitive subject, such a simple oversight here could lead to profound implications if properly exploited.