Apple has finally addressed the encryption flaw cited just last February 21. Apple released an OS X Mavericks update for its Macintosh computers. The tech giant patched the bug allowing attackers to monitor and spy on encrypted connections. The flaw also allows attackers to obtain confidential information and even send out disguised encrypted messages.
After finding out that their users' information was at risk, Apple released a patch for iOS. The patch was released to fix the encryption flaw or "gotofail" bug which allows attackers to steal passwords, location data, usernames and other confidential information despite the encrypted network.
However, it was soon found out that the encryption flaw also affected Apple's Mac OS. The OS X Mavericks v 10.9.2 update was then released. The patch for the Mac OS was released 4 days after Apple released the patch for iOS.
The update addresses the security issues caused by the "gotofail" bug. According to Apple, the bug allows hackers to modify or acquire data in sessions supposedly secured. Users will not know if someone is spying over their connections. The threat was alarming because the Apple supposedly used Secure Sockets Layer (SSL) or Transportation Layer Security (TLS) encryption methods.
Mavericks users must update their OS to avoid problems. According to a note issued by Apple, the OS X Mavericks v10.9.2 Update offers the following updates:
"Improves AutoFill compatibility in Safari
Fixes an issue that may cause audio distortion on certain Macs
Improves reliability when connecting to a file server using SMB2
Fixes an issue that may cause VPN connections to disconnect
Improves VoiceOver navigation in Mail and Finder
Improves VoiceOver reliability when navigating websites
Improves compatibility with Gmail Archive mailboxes
Includes improvements to Gmail labels."
Before updating to the OS X Mavericks v10.9.2 update, here are some important notes to consider:
- Users should back up their system prior to installation. They can use the app Time Machine to do this.
- Users must not interrupt the installation process.
- Check if there are third-party applications in the device. This may cause problems or unexpected results during installation. It is best to remove them or check how they can work with the installation.
To update, users need to go to Apple menu () > Software Update.
"Nearly all encrypted traffic, including usernames, passwords and even Apple app updates can be captured," Aldo Cortesi, of the security consulting firm Nullcube, said in his blog post.
"It's difficult to overstate the seriousness of this issue," he added.