The so-called "gotofail" flaw could let an attacker on the same network as a victim eavesdrop on all user activity.
Apple on Tuesday issued an update for OS X that fixes a serious SSL security hole the company already fixed in its iOS devices late last week.
The so-called "gotofail" flaw, which stemmed from an extra line accidentally added in Apple's source code, could let an attacker on the same network as a victim eavesdrop on all user activity. Apple on Friday pushed out an update for the iPhone, iPad, and iPod touch, but experts warned that Mac desktops and laptops were still at risk.
Tuesday's security update, OS X version 10.9.2, fixes the bug in both OS X Mavericks and the older Mountain Lion; older versions of Mac OS X are not believed to be affected. To get the update, head to your Mac's Apple menu and select Software Update. Users should install the update as soon as possible.
Apple did not reveal much information about the problem, though experts who have studied the bug said hackers could launch man-in-the-middle attacks to intercept messages as they pass from a user's device to trusted sites like Gmail, Facebook, or even online banking.
"An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS," Apple said in its original advisory.
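The C sketch below is an added illustration, not Apple's source and not code from this article: it models how one extra `goto fail;` line can skip a signature check while the error code still reads success, next to a corrected form. All function names are hypothetical, and the hash and signature steps are stand-ins.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the hash and signature steps of a TLS
   key-exchange check; each returns 0 on success, nonzero on failure. */
static int hash_step(void) { return 0; }
static int verify_signature(int sig_valid) { return sig_valid ? 0 : -1; }

/* Flawed pattern: a duplicated "goto fail" that no condition guards. */
int check_flawed(int sig_valid) {
    int err;
    if ((err = hash_step()) != 0)
        goto fail;
    goto fail;       /* extra line: always taken, err is still 0 here */
    if ((err = verify_signature(sig_valid)) != 0)   /* never reached */
        goto fail;
fail:
    return err;      /* 0 means the caller treats the peer as verified */
}

/* Corrected pattern: braces around each branch and no stray jump,
   so the signature check always runs. */
int check_fixed(int sig_valid) {
    int err;
    if ((err = hash_step()) != 0) {
        goto fail;
    }
    if ((err = verify_signature(sig_valid)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    /* Constructed input: 0 = invalid signature, 1 = valid signature. */
    printf("flawed, invalid signature -> %d\n", check_flawed(0));
    printf("fixed,  invalid signature -> %d\n", check_fixed(0));
    printf("fixed,  valid signature   -> %d\n", check_fixed(1));
    return 0;
}
```

A regression test that feeds the check an invalid signature and expects a nonzero result catches this class of bug, as does compiling with unreachable-code warnings enabled.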
Besides just patching the scary SSL bug, the update includes a number of other security and stability improvements for Mail, Safari, and iMessage, as well as the ability to make and receive FaceTime audio calls on your Mac. There's also call waiting support for FaceTime audio and video calls, and the ability to block iMessages from individual senders.