Apple has finally fixed a serious OS X security vulnerability that had left millions exposed to potential eavesdropping or account hijacking. Apple released the OS X 10.9.2 update for all Mavericks users, which, among minor bug fixes, patches the SSL (Secure Sockets Layer) bug in the operating system.
The bug could allow full transparent interception of HTTPS traffic and had apparently gone unpatched since iOS 6’s release in 2012. The security vulnerability quickly came to be known as the “gotofail” bug after a review of Apple’s publicly posted code showed that an errant duplicate statement created the glitch. Apple previously released a fix for iOS devices on February 21.
In a notice posted on its website, the company revealed that the fix was for something quite serious: without the patch, “an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS.” The affected data could be transferred with Safari, Mail and iCloud.
Chrome and Firefox rely on different implementations of SSL/TLS, which meant that they weren’t subject to the same vulnerability, as it is in Apple’s code.
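The “errant duplicate statement” behind the bug's nickname, shown as a simplified illustration added here: this is not Apple's source, and `hash_step`, `verify_signature`, `verify_flawed` and `verify_fixed` are hypothetical stand-ins. It shows how one repeated, unbraced `goto fail;` skips the signature check while still returning success, next to a form that fails closed.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the hash and signature steps of a handshake
   check; 0 means success, non-zero means error. Not Apple's functions. */
static int hash_step(int ok)        { return ok ? 0 : -1; }
static int verify_signature(int ok) { return ok ? 0 : -2; }

/* Flawed shape: the second, unbraced `goto fail;` is not governed by the
   `if`, so it always runs. err is still 0 from the successful hash step,
   the signature check is skipped, and the function reports success. */
int verify_flawed(int hash_ok, int sig_ok)
{
    int err;
    if ((err = hash_step(hash_ok)) != 0)
        goto fail;
        goto fail;              /* errant duplicate statement */
    if ((err = verify_signature(sig_ok)) != 0)
        goto fail;
fail:
    return err;
}

/* Hardened shape: braces on every branch, and the result stays at failure
   until every check has actually run and passed. */
int verify_fixed(int hash_ok, int sig_ok)
{
    int result = -1;            /* fail closed by default */
    if (hash_step(hash_ok) != 0) {
        goto done;
    }
    if (verify_signature(sig_ok) != 0) {
        goto done;
    }
    result = 0;                 /* reached only when all checks passed */
done:
    return result;
}

int main(void)
{
    /* Constructed input: valid hash step, invalid signature. */
    printf("flawed: %d\n", verify_flawed(1, 0));
    printf("fixed:  %d\n", verify_fixed(1, 0));
    return 0;
}
```

GCC's `-Wmisleading-indentation` warning reports the duplicated line in `verify_flawed` at compile time.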