SSL fix for OS X? (or only for IOS?)

Discussion in 'OS X Mavericks (10.9)' started by CavemanMike, Feb 25, 2014.

  1. CavemanMike macrumors regular

    Joined:
    Nov 8, 2013
    #1
    Does the SSL security problem which affects IOS6 AND IOS7 iphones/ipad affect mac's as well? (e.g. my macbook pro retina with OS X Mavericks?)

    If so, is it only affecting safari? Would other browsers be affected, or is the problem with the OS affecting ALL browsers?

    Thanks,

    Mike
     
  2. andijames macrumors member

    Joined:
    Sep 2, 2010
    Location:
    Manchester, UK
    #2
    The SSL bug does indeed effect mavericks and i wouldn't at all be surprised to see 10.9.2 pushed out sooner rather than later now with this fix included with it.

    It affects anything that uses the SSL library so will be used in Messages, Calendar, Contacts etc.

    iOS was updated to protect against this with 7.0.6 but again wouldn't be shocked to see 7.1 pushed out alongside the Mavericks point release.
     
  3. CavemanMike thread starter macrumors regular

    Joined:
    Nov 8, 2013
    #3
  4. scaredpoet macrumors 604

    scaredpoet

    Joined:
    Apr 6, 2007
    #4
    It wasn't JUST a problem on Public Wifi, though public wifi hotspots are the most likely, easiest way for someone to exploit it

    In any case, if you haven't updated to 10.9.2, you should ASAP. It contains the fix for the issue.
     
  5. CavemanMike thread starter macrumors regular

    Joined:
    Nov 8, 2013
    #5
    Thank you!

    Yes, updated my mac this afternoon with an unexpected new feature:

    Now on my mac book pro 2013 retina: a quick accidental press of the power button does not put my mac to sleep instantly! (you hold it for a few seconds) which is AWESOME!
     
  6. sjinsjca macrumors 68000

    sjinsjca

    Joined:
    Oct 30, 2008
    #6
    10.9.2 is available for a free update, and it fixes the SSL issue.

    The SSL issue was NOT limited to Safari. Any software that relied on the OS to manage SSL was affected, including Mail and even the App Store. (Some software like Firefox used different libraries and was safe from this particular vulnerability.)

    Having said that, the issue was an arcane one and required an attacker to be in a privileged position on your network or elsewhere in the chain between you and your target service, meaning at the router or ISP for all intents and purposes. So your home WiFi wasn't likely to be a risk, but perhaps there was a coffee shop somewhere with an Evil Barista who could exploit this.

    Anyway. Update.
     

Share This Page