Apple fixes severe security bug with OS X 10.9.2 Mavericks update

Apple has finally fixed a serious OS X security vulnerability that had left millions exposed to potential eavesdropping or account hijacking. Apple released the OS X 10.9.2 update for all Mavericks users; alongside minor bug fixes, it patches the SSL (Secure Sockets Layer) bug in the operating system.

The bug could allow full transparent interception of HTTPS traffic and had apparently gone unpatched since iOS 6's release in 2012. The security vulnerability quickly came to be known as the "gotofail" bug after a review of Apple's publicly posted code showed that an errant duplicate statement created the glitch. Apple previously released a fix for iOS devices on February 21.
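The "errant duplicate statement" described above, reduced to an added C sketch (not Apple's code): the struct, function names and error values are constructed for illustration, and the pattern mirrors the repeated `goto fail;` line that gave the bug its name. The second function shows the corrected form.

```c
#include <stdio.h>

/* Constructed stand-ins for the handshake checks; 0 means the step passed. */
typedef struct {
    int hash_err;       /* hashing the signed handshake parameters */
    int signature_err;  /* verifying the server's signature over that hash */
} checks_t;

/* Flawed pattern: the second goto is not governed by the if. */
int verify_with_duplicate(const checks_t *c)
{
    int err;
    if ((err = c->hash_err) != 0)
        goto fail;
        goto fail;      /* duplicate: always taken, with err still 0 */
    if ((err = c->signature_err) != 0)  /* never reached */
        goto fail;
fail:
    return err;         /* 0 is reported to the caller as "verified" */
}

/* Corrected pattern: duplicate removed, every body braced. */
int verify_fixed(const checks_t *c)
{
    int err;
    if ((err = c->hash_err) != 0) {
        goto fail;
    }
    if ((err = c->signature_err) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    checks_t bad_sig = { 0, -1 };  /* constructed: signature check fails */
    printf("duplicate: %d, fixed: %d\n",
           verify_with_duplicate(&bad_sig), verify_fixed(&bad_sig));
    return 0;
}
```

Braces on every conditional body and compiler diagnostics for unreachable code or misleading indentation are the usual guards against this class of mistake.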

In a post on its website, the company revealed that the fix was for something quite serious: without the patch, "an attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS." The data could be transferred with Safari, Mail and iCloud.

Chrome and Firefox rely on different implementations of SSL/TLS, so they weren't subject to the same vulnerability, which is in Apple's code.

  • olafva

    Everyone must be trying to update now, as the update on my wife's MacBook (retina) estimates 3 days 6 hours to complete the update after downloading 108/850MB upload on Mavericks. At 1am last night updating mine took about 10 minutes. I guess the early bird gets the worm.