El Reg here: Hackers break SSL encryption used by millions of sites ? The Register

TLS 1.0 vulnerable, TLS 1.1 and 1.2 not vulnerable. Except no-one really uses TLS 1.1 or 1.2, either because the webserver doesn't support it or the browser vendor couldn't be bothered to include it or didn't set it as default.