Apple Patches Mavericks SSL Flaw: Update NowApple Patches Mavericks SSL Flaw: Update Now
Security update patches "goto fail" flaw that enables attackers to intercept communications, but won't help the 23% of Macs running older OS
February 26, 2014
Apple has released a patch for OS X to fix a critical "goto fail" SSL flaw that attackers could use to eavesdrop on a target's communications, including everything from emails and address book appointments to FaceTime video chats and Find My Mac tracking information.
"The bug was caused by a line of C code that says 'goto fail,' which was a self-descriptive irony too amusing to ignore," said Paul Ducklin, head of technology for Sophos in the Asia Pacific region, in a blog post.
Apple's security update fixes that "SSL connection verification" flaw -- as the technology giant instead labeled it -- in OS X Mavericks 10.9 and 10.9.1, as well as a number of other security problems. Meanwhile, the company also issued security updates for OS X Lion v10.7.5, OS X Mountain Lion v10.8.5, and OS X Lion Server 10.7.5, although none of them are reportedly vulnerable to the goto-fail bug.
Read the full article here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Read more about:2014
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023