Mac OS X 10.9.2 released. Apple fixes critical SSL security hole

Apple has just issued OS X Mavericks version 10.9.2, fixing the same serious SSL security hole that they fixed for iPhone and iPad users at the end of last week.

Here is what you should see if you go into the Mac OS X App Store, and look for updates:

OS X 10.9.2 update

Mac OS X 10.9.2 has been pushed out of the door primarily to fix the embarrassing so-called “gotofail” flaw that could have made it possible for hackers to intercept communications between computers running Mavericks and secure websites.

As I explained at the time, the privacy hole was created because of a flaw in Apple’s source code:

A fumbling programmer accidentally introduced the security hole by including two “goto fail” lines in the code, one immediately after the other.

Mavericks App Store, home for OS updatesThe first one is in the right place, but the second shouldn’t be there. That duplicate line wrecks the code’s intended execution path, meaning that a critical authentication check doesn’t occur.

It is now obviously important that iMac and MacBook users update their copy of Mavericks at the earliest opportunity (users of earlier versions of Mac OS X are not thought to be affected), before online criminals manage to take advantage of the flaw.

Companies and organisations typically like to take their time rolling out operating system updates, in case there are incompatibilities or unintended consequences of pushing out a new update to the computers on their network.

Home users, however, are typically more relaxed, eager to upgrade to the latest and “greatest” version of their preferred operating system.

I would certainly encourage users to upgrade to OS X Mavericks 10.9.2, but it’s always sensible to make a secure backup of your computer first, just in case…

Tags: , , , , ,


, , , , ,

One Response

  1. seiko 1 February 25, 2014 at 9:25 pm #

    http://support.apple.com/kb/HT6150

    seems to have update available for OS X Lion v10.7.5 and OS X Mountain Lion v10.8.5, at last.

Leave a Reply

XSLT by CarLake