Mac OS X 10.9.2 released. Apple fixes critical SSL security hole


Apple has just issued OS X Mavericks version 10.9.2, fixing the same serious SSL security hole that they fixed for iPhone and iPad users at the end of last week.

Here is what you should see if you go into the Mac OS X App Store, and look for updates:

OS X 10.9.2 update

Mac OS X 10.9.2 has been pushed out of the door primarily to fix the embarrassing so-called “gotofail” flaw that could have made it possible for hackers to intercept communications between computers running Mavericks and secure websites.

As I explained at the time, the privacy hole was created because of a flaw in Apple’s source code:

A fumbling programmer accidentally introduced the security hole by including two “goto fail” lines in the code, one immediately after the other.

The first one is in the right place, but the second shouldn’t be there. That duplicate line wrecks the code’s intended execution path, meaning that a critical authentication check doesn’t occur.

It is now obviously important that iMac and MacBook users update their copy of Mavericks at the earliest opportunity (users of earlier versions of Mac OS X are not thought to be affected), before online criminals manage to take advantage of the flaw.

Companies and organisations typically like to take their time rolling out operating system updates, in case there are incompatibilities or unintended consequences of pushing out a new update to the computers on their network.

Home users, however, are typically more relaxed, eager to upgrade to the latest and “greatest” version of their preferred operating system.

I would certainly encourage users to upgrade to OS X Mavericks 10.9.2, but it’s always sensible to make a secure backup of your computer first, just in case…


One Response

  1. seiko

    February 25, 2014 at 9:25 pm #

    seems to have update available for OS X Lion v10.7.5 and OS X Mountain Lion v10.8.5, at last.
