Apple Patches Mavericks SSL Flaw: Update NowSecurity update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS
Apple has released a patch for OS X to fix a critical "goto fail" SSL flaw that attackers could use to eavesdrop on a target's communications, including everything from emails and address book appointments to FaceTime video chats and Find My Mac tracking information.
"The bug was caused by a line of C code that says 'goto fail,' which was a self-descriptive irony too amusing to ignore," said Paul Ducklin, head of technology for Sophos in the Asia Pacific region, in a blog post.
Apple's security update fixes that "SSL connection verification" flaw -- as the technology giant instead labeled it -- in OS X Mavericks 10.9 and 10.9.1, as well as a number of other security problems. Meanwhile, the company also issued security updates for OS X Lion v10.7.5, OS X Mountain Lion v10.8.5, and OS X Lion Server 10.7.5, although none of them are reportedly vulnerable to the goto-fail bug.
Read the full article here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Mathew Schwartz is a freelance writer, editor, and photographer, as well the InformationWeek information security reporter.
View Full Bio