Mac OS X 10.9.2 released. Apple fixes critical SSL security hole

Graham Cluley

Apple has just issued OS X Mavericks version 10.9.2, fixing the same serious SSL security hole that they fixed for iPhone and iPad users at the end of last week.

Here is what you should see if you go into the Mac OS X App Store, and look for updates:

OS X 10.9.2 update

Mac OS X 10.9.2 has been pushed out of the door primarily to fix the embarrassing so-called “gotofail” flaw that could have made it possible for hackers to intercept communications between computers running Mavericks and secure websites.

As I explained at the time, the privacy hole was created because of a flaw in Apple’s source code:

A fumbling programmer accidentally introduced the security hole by including two “goto fail” lines in the code, one immediately after the other.

The first one is in the right place, but the second shouldn’t be there. That duplicate line wrecks the code’s intended execution path, meaning that a critical authentication check doesn’t occur.
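The control-flow effect of a duplicated “goto fail” can be seen in a simplified C sketch. This is an added illustration, not Apple’s source code; the function names and the two stand-in checks are hypothetical and constructed for the example.

```c
#include <stdio.h>

/* Constructed stand-ins for two verification steps (hypothetical names).
   Each returns 0 on success and non-zero on failure. */
static int hash_update(int ok)     { return ok ? 0 : -1; }
static int signature_check(int ok) { return ok ? 0 : -1; }

/* Flawed shape: without braces, only the first goto belongs to the if.
   The duplicate always runs, so the signature check is never reached. */
int verify_flawed(int hash_ok, int sig_ok)
{
    int err;

    if ((err = hash_update(hash_ok)) != 0)
        goto fail;
        goto fail;   /* duplicate line: unconditional, and err is still 0 here */
    if ((err = signature_check(sig_ok)) != 0)
        goto fail;

fail:
    return err;      /* the caller treats 0 as "verified" */
}

/* Corrected shape: one goto per check, with braces making the scope explicit. */
int verify_fixed(int hash_ok, int sig_ok)
{
    int err;

    if ((err = hash_update(hash_ok)) != 0) {
        goto fail;
    }
    if ((err = signature_check(sig_ok)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    /* Constructed case: hashing succeeds, but the signature is bad. */
    printf("flawed returns %d\n", verify_flawed(1, 0));
    printf("fixed returns  %d\n", verify_fixed(1, 0));
    return 0;
}
```

With a bad signature the flawed function still reports success, while the corrected one returns the error.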

It is now obviously important that iMac and MacBook users update their copy of Mavericks at the earliest opportunity (users of earlier versions of Mac OS X are not thought to be affected), before online criminals manage to take advantage of the flaw.

Companies and organisations typically like to take their time rolling out operating system updates, in case there are incompatibilities or unintended consequences of pushing out a new update to the computers on their network.

Home users, however, are typically more relaxed, eager to upgrade to the latest and “greatest” version of their preferred operating system.

I would certainly encourage users to upgrade to OS X Mavericks 10.9.2, but it’s always sensible to make a secure backup of your computer first, just in case…

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Mac OS X 10.9.2 released. Apple fixes critical SSL security hole”

  1. http://support.apple.com/kb/HT6150

    seems to have update available for OS X Lion v10.7.5 and OS X Mountain Lion v10.8.5, at last.
