Apple has been under scrutiny recently because of the security flaw found its operating system. The major SSL security flaw was cited last February 21 following the release of the iOS 7.0.6. To address the raised problems, Apple released the OS X 10.9.2. The new system offers fixes for the SSL security problem, FaceTime Audio and More.
The bug comes in the form of a single line of errant code. It threatens users because it can allow an attacker to bypass SSL/TLS verification routines. This exposes OS X users to man-in-the-middle-attack. Wireless or shared wired networks can permit hackers to bypass communications on accessed machines. This can put passwords, log in credentials and other confidential information at risk. Attackers can also inject malware to cripple the system.
Although the SSL vulnerability can be traced back to the 2012 iOS, this only affects people using Macs running OS X 10.9. The vulnerability does not extend to Lion and Mountain Lion users.
Apple seeded the OS X 10.9.2 to developers last December. There were seven beta iterations during that time. The bug fix issued addresses OS X SSL problems, new blocking controls for FaceTime and iMessage, FaceTime Audio and FaceTime call waiting support. The emergency fix also offers Mail bug fixes including AutoFill improvements, fetching messages and a range of bug fixes and general enhancements.
Those using devices running on the OS X 10.9 Mavericks upgrade should switch to OS X 10.9.2 as soon as possible. This will immobilize the vulnerability. Upgrade details are as follows:
- OS X Mavericks Update v10.9.2 (859.70 MB)
- OS X Mavericks Update v10.9.2 (Combo) (859.70 MB)
Apart from the OS X 10.9.2 upgrade, Apple also provided security enhancements for the OS X Lion and Mountain Lion:
- Security Update 2014-001 (Mountain Lion) (115.8 MB)
- Security Update 2014-001 (Lion) (123.40 MB)
- Security Update 2014-001 Server (Lion) (173.60 MB)
Another important detail about the Mac OS X 10.9.2 update is the "goto fail" flax fix. The security can allow attackers inside a network to spy on or monitor the activities of the user. Apple was criticized for not responding just as fast.
To contact the editor, e-mail: