Major Flaw to Mavericks 10.9 fixed by Apple
It’s time to call or email [email protected] to update your Macs and iOS devices. See below:
From The New York Times 2-26-14:
Apple has finally issued a security update to its OS X Mavericks software for Macintosh computers, patching a bug that could have let hackers eavesdrop on supposedly encrypted connections and steal everything from usernames and passwords to location data.
Version 10.9.2 comes four days after Apple patched iOS, its mobile operating system, to close the same hole. The OS X update addresses several security issues, including the so-called “goto fail” code bug, which Apple said could allow an attacker to capture or modify data in sessions users believe are protected by the Secure Sockets Layer (SSL) or Transportation Layer Security (TLS) encryption methods.
The flaw is extremely serious, and any Mavericks users who haven’t yet updated their OS should do so immediately. In a nutshell, the bug prevents the validation of encryption certificates from supposedly secure servers. So, your Mac or iOS device could think it has received a signed encryption certificate from your bank’s website, but there’s no way to validate that the certificate came from the bank — it could be from a fraudulent website pretending to be the bank and gathering personal data as you type.
The errant code affected Apple’s Safari browser as well as iCloud, the Mail email client and any other applications created by Apple, because the company uses its own implementation of SSL/TLS.