Well, to put it simply, with the right type of request, certain implementations of the widely used OpenSSL suite were leaking sensitive data stored in memory. The vulnerable versions were found to be OpenSSL 1.0.1 up to and including 1.0.1f, and 1.0.2-beta1.
On the 8th of April 2014, a security advisory was released stating that a missing bounds check within OpenSSL could be used to reveal up to 64 bits of data stored in memory.
Recently the Pure Hacking technical team completed a regular skills update session on iPhone application security with a company that is a world leader in identifying mobile application vulnerabilities. Most mobile application vulnerabilities occur when developers either insecurely store sensitive information in the application or use client-side controls to enforce server security. With 1,000,000 apps in the app store today, this has serious repercussions for naive consumers.
Richard Brown, Pure Hacking's dedicated security consultant and all-round security fanatic, impressed the conference organisers and participants at this year's DefCon with his innovative DefCon badge hack.