Apple Issues Patch For OS X SSL Security Vulnerability

Apple faced a considerable security threat with its SSL flaw, present in both iOS and OS X devices over the past few days. The iOS bug was plugged late Friday via the iOS 7.0.6 update made available to iPhones, iPads and iPod touches, but Macs with 10.9 went unpatched until now. The fix is out, however, so grab it and get your Macs updated to v10.9.2 as soon as possible.

The SSL bug was caused by an extra “goto” command in Apple’s SSL/TLS authentication protocols, which meant that some transmitted data to and from iOS and OS X devices that was meant to be encrypted simply wasn’t. Hackers exploiting this vulnerability could easily stage “man in the middle” attacks, allowing them to intercept things like passwords and logins.

Hackers and security experts quickly noted that the security flaw as indeed “seriously exploitable,” and in place since before October 2013, making this no minor issue. For those who haven’t updated, it’s recommended that you avoid using Safari (stick to Chrome and Firefox) for any secure tasks, and/or avoid connecting to any large, public networks (especially those that lack encryption) as these are more likely to be targeted by hackers.

Now that the fix is out, however, the best course of action is to get all your 10.9 Macs updated (open the App Store, navigate to the ‘Updates’ tab) as quickly as possible. Seriously, this isn’t the time to play wait-and-see.

FaceTime Audio is another big addition in this release, which means you can initiate and receive voice-only calls to your iCloud contacts from your Mac. The Audio portion of the FaceTime communication protocol was previously relegated to iOS devices, so this means you essentially have a full suite of phone services that work across and between your desktops and mobile devices now, so long as you’re using all Apple gear.

Illustration: Bryce Durbin