The flaw isn't new, but many defenders counted on the fact that creating the conditions necessary to exploit it was "nontrivial," a term that in cryptography circles means nearly impossible to accomplish. Duong and Rizzo, two accomplished vulnerability experts, figured it out.
The BEAST tool works by creating additional "known" plaintext data blocks that are encrypted using known IVs (initialization vectors). In TLS 1.0/SSL 3.1 and earlier, RFC 2246 dictates that the IV of one packet or data stream is the last ciphertext block from the previous packet or data stream. This is inherently weak, because many of today's cryptographically protected data streams use cipher-block chaining, or CBC mode, for speed. In CBC mode, each block of plaintext is encrypted with information from the previous encrypted block. What is supposed to make each subsequent enciphered block distinct from the previous block (and uncrackable) is a randomly generated IV. At least that's what is supposed to happen, but sometimes, as in early versions of SSL and TLS (and in WEP), it doesn't.
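The following is an added example, not code from the BEAST tool or from the original article. It models a sender that encrypts one-block records in CBC mode and contrasts the chained IV described above with a fresh random IV per record, the approach TLS 1.1 takes. The block cipher is replaced by a truncated HMAC as a stand-in (an assumption made so the example needs no crypto library), and the class and function names are hypothetical.

```python
import hashlib
import hmac
import os

BLOCK = 16

def E(key, block):
    # Stand-in for the block cipher's encrypt direction (assumption):
    # deterministic and keyed like AES, but not invertible. Demo only.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class CBCSender:
    """Encrypts one-block records in CBC mode under one session key."""

    def __init__(self, chained_iv):
        self.key = os.urandom(16)
        self.chained_iv = chained_iv
        self.last = os.urandom(BLOCK)  # IV for the very first record

    def send(self, plaintext_block):
        # Chained: the IV is the previous ciphertext block, which anyone
        # watching the wire has already seen (TLS 1.0 behaviour).
        # Otherwise: a fresh random IV that nobody knows in advance.
        iv = self.last if self.chained_iv else os.urandom(BLOCK)
        self.last = E(self.key, xor(plaintext_block, iv))
        return iv, self.last

def guess_confirmed(sender, secret, guess):
    """Can an observer who gets one chosen block encrypted confirm `guess`?"""
    iv_secret, c_secret = sender.send(secret)  # record carrying the secret
    predicted_iv = c_secret                    # IV that chaining will use next
    # If the prediction holds, the cipher input collapses to guess XOR
    # iv_secret, so the output matches c_secret exactly when guess == secret.
    probe = xor(xor(guess, iv_secret), predicted_iv)
    _, c_probe = sender.send(probe)
    return c_probe == c_secret

if __name__ == "__main__":
    secret = b"constructed-pin!"  # constructed 16-byte sample value
    print("chained IV:", guess_confirmed(CBCSender(True), secret, secret))
    print("random IV: ", guess_confirmed(CBCSender(False), secret, secret))
```

With the chained IV a correct guess is confirmed by a ciphertext match; with a random per-record IV the same probe tells the observer nothing, which is why the protocol change closes the hole.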
Unfortunately, TLS versions 1.1 and 1.2 are not enforced anywhere by default -- and for them to be effective, all other previous HTTPS protocols must be disallowed by at least one side of the connection. Most HTTPS-protected websites will probably not upgrade to TLS 1.1 or 1.2 for some time; if you upgrade your browser to TLS 1.1 and disallow any other type of connection, you will not be able to establish connections to most HTTPS hosts.
TLS 1.1 browser support
Only some of today's popular browsers currently support TLS 1.1, and even then, it may not be enabled by default. The latest versions of Microsoft Internet Explorer, Opera, and Windows versions of Safari support TLS 1.1 or 1.2. Google Chrome should have a fix out soon. For more detail, see Thierry Zoller's TLS/SSL Hardening & Compatibility Report 2011 (PDF).