There is a new SSL vulnerability- more info on it is here
http://www.forbes.com/sites/jamesly...y-vulnerability-breaks-sslv3-secure-browsing/
For those of us using Firefox it can be mitigated by using the about:config tool and changing SSL versions. For those of us using Safari (I use both, each for different things) since its not possible to change the SSL version used, we are stuck - at least on 10.9.5- with being unable to do anything until Apple decides to. Anyone wanting to test their browser(s) the Qualsys site is here
https://www.ssllabs.com/ssltest/viewMyClient.html#1413504178193&frame_loaded
I downloaded Apple Security update 2014-005 earlier today hoping they would be a bit quicker response wise to this given their record on the earlier SSL problems. After installing and rebooting, Safari still fails the vulnerability test.I do not know whether Yosemite shares this vuln in their version of Safari. Additionally I attempted to download the ITunes update twice. Downloaded twice and when it attempted to install, the update program crashed twice. Restarting the program it shows I have installed the new version of ITunes twice (recent updates) and still shows ITunes 12 available as a needed update.
I have not succumbed to the desire for Yosemite even though I am an OSX developer. I know everyone is excited about the new candy-- I am traveling in South America and I have this laptop and no other machine so I administer this the way one should a machine in a production environment. Given the increasing rush to market, and the responsiveness in patching problems in existing software I am beginning to think more and more about making the move to a non Apple environment although recently, all seem to have their problems. I don't particularly like where OSX is going compared to where it used to be in the Lion days. Seems like the new stuff doesn't work as well or as stable. The shine is slowly going off the apple for me at least.
Regards
Expat
http://www.forbes.com/sites/jamesly...y-vulnerability-breaks-sslv3-secure-browsing/
For those of us using Firefox it can be mitigated by using the about:config tool and changing SSL versions. For those of us using Safari (I use both, each for different things) since its not possible to change the SSL version used, we are stuck - at least on 10.9.5- with being unable to do anything until Apple decides to. Anyone wanting to test their browser(s) the Qualsys site is here
https://www.ssllabs.com/ssltest/viewMyClient.html#1413504178193&frame_loaded
I downloaded Apple Security update 2014-005 earlier today hoping they would be a bit quicker response wise to this given their record on the earlier SSL problems. After installing and rebooting, Safari still fails the vulnerability test.I do not know whether Yosemite shares this vuln in their version of Safari. Additionally I attempted to download the ITunes update twice. Downloaded twice and when it attempted to install, the update program crashed twice. Restarting the program it shows I have installed the new version of ITunes twice (recent updates) and still shows ITunes 12 available as a needed update.
I have not succumbed to the desire for Yosemite even though I am an OSX developer. I know everyone is excited about the new candy-- I am traveling in South America and I have this laptop and no other machine so I administer this the way one should a machine in a production environment. Given the increasing rush to market, and the responsiveness in patching problems in existing software I am beginning to think more and more about making the move to a non Apple environment although recently, all seem to have their problems. I don't particularly like where OSX is going compared to where it used to be in the Lion days. Seems like the new stuff doesn't work as well or as stable. The shine is slowly going off the apple for me at least.
Regards
Expat