Here's the full quote from the Reg:
"Although that particular glitch is real and irritating, it turned out not to be the showstopper that Apple patched on Friday: others have since uncovered a staggering cock-up that appeared in the latest available open-source code for Apple's SSL security library, specifically in the SSLVerifySignedServerKeyExchange() function.
Aptly, it's a double goto fail; so the code skips a vital verification step when exchanging keys with the server to prove its identity and authenticity. Oops."