Mac OS X 10.9.2 released. Apple fixes critical SSL security hole

Graham Cluley

Apple has just issued OS X Mavericks version 10.9.2, fixing the same serious SSL security hole that they fixed for iPhone and iPad users at the end of last week.

Here is what you should see if you go into the Mac OS X App Store, and look for updates:

OS X 10.9.2 update

Mac OS X 10.9.2 has been pushed out of the door primarily to fix the embarrassing so-called “gotofail” flaw that could have made it possible for hackers to intercept communications between computers running Mavericks and secure websites.


As I explained at the time, the privacy hole was created because of a flaw in Apple’s source code:

Apple code

A fumbling programmer accidentally introduced the security hole by including two “goto fail” lines in the code, one immediately after the other.

The first one is in the right place, but the second shouldn’t be there. That duplicate line wrecks the code’s intended execution path, meaning that a critical authentication check doesn’t occur.

It is now obviously important that iMac and MacBook users update their copy of Mavericks at the earliest opportunity (users of earlier versions of Mac OS X are not thought to be affected), before online criminals manage to take advantage of the flaw.

Companies and organisations typically like to take their time rolling out operating system updates, in case there are incompatibilities or unintended consequences of pushing out a new update to the computers on their network.

Home users, however, are typically more relaxed, eager to upgrade to the latest and “greatest” version of their preferred operating system.

I would certainly encourage users to upgrade to OS X Mavericks 10.9.2, but it’s always sensible to make a secure backup of your computer first, just in case…


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Mac OS X 10.9.2 released. Apple fixes critical SSL security hole”

  1. seiko

    http://support.apple.com/kb/HT6150

    seems to have update available for OS X Lion v10.7.5 and OS X Mountain Lion v10.8.5, at last.
