Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Releases OS X 10.9.2 With Fix for Major SSL Vulnerability, FaceTime Audio

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,523
30,808



Apple today released OS X 10.9.2, which includes a fix for a major SSL security flaw that first came to light on Friday, after the release of iOS 7.0.6.

1092.jpg
The bug, which was introduced in the form of a single line of errant code that allowed an attacker to bypass SSL/TLS verification routines, left OS X users vulnerable to a man-in-the-middle attack. Shared wired or wireless networks could allow an attacker to intercept communications on affected machines, acquiring sensitive information like login credentials and passwords, or injecting harmful malware.

10_9_2_goto.jpg
Test on gotofail.com after updating to OS X 10.9.2
While the SSL vulnerability was first introduced to iOS in 2012, it only affects Macs running OS X 10.9. Lion and Mountain Lion users are not affected.

OS X 10.9.2 was first seeded to developers in December and has seen seven beta iterations since that time. Along with an emergency fix for the SSL bug, OS X 10.9.2 also includes FaceTime Audio, new blocking controls for iMessage and FaceTime, call waiting support for FaceTime, Mail fixes for bugs with fetching messages, AutoFill improvements, and several other bug fixes and general improvements.

It is recommended that all users running OS X 10.9 Mavericks upgrade to OS X 10.9.2 as soon as possible to disable the vulnerability.

- OS X Mavericks Update v10.9.2 (859.70 MB)
- OS X Mavericks Update v10.9.2 (Combo) (859.70 MB)

Alongside OS X 10.9.2, Apple has also released security updates for OS X Mountain Lion and Lion:

- Security Update 2014-001 (Mountain Lion) (115.8 MB)

- Security Update 2014-001 (Lion) (123.40 MB)
- Security Update 2014-001 Server (Lion) (173.60 MB)

Article Link: Apple Releases OS X 10.9.2 With Fix for Major SSL Vulnerability, FaceTime Audio
 
Article Link
https://www.macrumors.com/2014/02/25/osx-update-ssl-facetime-audio/
S

seble

macrumors 6502a
Sep 6, 2010
972
163
I hope it fixes odd window placement bugs and failing to wake from sleep. Oh and the weird 'your computer is out of memory' bug that my late 2012 iMac got last week... I'm checking this update careful Apple...
 
AngerDanger

AngerDanger

Graphics
Staff member
Dec 9, 2008
5,452
29,003
MacRumors said:
The bug, which was introduced in the form of a single line of errant code that allowed an attacker to bypass SSL/TLS verification routines, left OS X users vulnerable to a man-in-the-middle attack. Shared wired or wireless networks could allow an attacker to intercept communications on affected machines, acquiring sensitive information like login credentials and passwords, or injecting harmful malware.
Click to expand...

Ah, yes, the man-in-the-middle attack…

medium_MARVIN%20SAPP%20FAMILY.JPG
 
Last edited:
T

TsMkLg068426

macrumors 65816
Mar 31, 2009
1,498
343
God I hope it fixes the issue with Microsoft Silverlight on Netflix where it stops streaming in HD (I doubt it) and also Apple TV needs a update where it fixes Netflix from snapping back to SD.
 
hammie14

hammie14

macrumors regular
Mar 18, 2010
243
142
UK
769mb for a late 2013 rMBP

460mb (or there a bouts) for a 2012 MBA

Wonder why the huge difference in size?
 
petvas

petvas

macrumors 603
Jul 20, 2006
5,479
1,807
Munich, Germany
With this release Mavericks achieves a good maturity level. The last weeks with 10.9.2 were much better than with the previous versions, especial Mail.app has become much better.
 
M

milo

macrumors 604
Sep 23, 2003
6,891
522
Hopefully we'll see a download link soon, doesn't show up on apple's main download page yet.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom