And the attack isn't active. With a fake base station set up, it needs no Internet connection and it can fake multiple names using virtual networks, a Wi-Fi feature that lets one hardware base station sport many names. (That's how guest networking works with Apple's equipment.)
The repair is surely coming from Apple for the SSL certificate parsing flaw. But the bigger issue in the industry that remains requires time to fix. There has to be a way to let users more effectively only connect to networks to which they intend to, and none yet exists.
Sign up for CIO Asia eNewsletters.