Apple Issues Patch For OS X SSL Security Vulnerability

Next Story

Apple Releases iBeacon Specifications Under Non-Disclosure Agreement

Apple faced a considerable security threat with its SSL flaw, present in both iOS and OS X devices over the past few days. The iOS bug was plugged late Friday via the iOS 7.0.6 update made available to iPhones, iPads and iPod touches, but Macs with 10.9 went unpatched until now. The fix is out, however, so grab it and get your Macs updated to v10.9.2 as soon as possible.

The SSL bug was caused by an extra “goto” command in Apple’s SSL/TLS authentication protocols, which meant that some transmitted data to and from iOS and OS X devices that was meant to be encrypted simply wasn’t. Hackers exploiting this vulnerability could easily stage “man in the middle” attacks, allowing them to intercept things like passwords and logins.

Hackers and security experts quickly noted that the security flaw as indeed “seriously exploitable,” and in place since before October 2013, making this no minor issue. For those who haven’t updated, it’s recommended that you avoid using Safari (stick to Chrome and Firefox) for any secure tasks, and/or avoid connecting to any large, public networks (especially those that lack encryption) as these are more likely to be targeted by hackers.

Now that the fix is out, however, the best course of action is to get all your 10.9 Macs updated (open the App Store, navigate to the ‘Updates’ tab) as quickly as possible. Seriously, this isn’t the time to play wait-and-see.

FaceTime Audio is another big addition in this release, which means you can initiate and receive voice-only calls to your iCloud contacts from your Mac. The Audio portion of the FaceTime communication protocol was previously relegated to iOS devices, so this means you essentially have a full suite of phone services that work across and between your desktops and mobile devices now, so long as you’re using all Apple gear.

About the update
The OS X Mavericks v10.9.2 Update is recommended for all OS X Mavericks users. It improves the stability, compatibility, and security of your Mac. This update:

Adds the ability to make and receive FaceTime audio calls
Adds call waiting support for FaceTime audio and video calls
Adds the ability to block incoming iMessages from individual senders
Includes general improvements to the stability and compatibility of Mail
Improves the accuracy of unread counts in Mail
Resolves an issue that prevented Mail from receiving new messages from certain providers
Improves AutoFill compatibility in Safari
Fixes an issue that may cause audio distortion on certain Macs
Improves reliability when connecting to a file server using SMB2
Fixes an issue that may cause VPN connections to disconnect
Improves VoiceOver navigation in Mail and Finder
Improves VoiceOver reliability when navigating websites
Improves compatibility with Gmail Archive mailboxes
Includes improvements to Gmail labels
Improves Safari browsing and Software Update installation when using an authenticated web proxy
Fixes an issue that could cause the Mac App Store to offer updates for apps that are already up to date
Improves the reliability of diskless NetBoot service in OS X Server
Fixes braille driver support for specific HandyTech displays
Resolves an issue when using Safe Boot with some systems
Improves ExpressCard compatibility for some MacBook Pro 2010 models
Resolves an issue which prevented printing to printers shared by Windows XP
Resolves an issue with Keychain that could cause repeated prompts to unlock the Local Items keychain
Fixes an issue that could prevent certain preference panes from opening in System Preferences
Fixes an issue that may prevent migration from completing while in Setup Assistant

Illustration: Bryce Durbin