Wednesday, February 26, 2014

SSL Vulnerability Closed in OS X Update

Apple released Security Update 2014-001 yesterday, which closes the vulnerability discussed in my last post. Mountain Lion and Mavericks users should install this update ASAP. Note, if you are a Mountain Lion user and do not wish to update to Mavericks at this time (completely understandable, but fixable), then do not install the OS X 10.9.2 update. Select just the Software Update that includes Security Update 2014-001 as shown in the screenshot below.


OSX Software Update

The vulnerability allows your secure traffic to services such as iCloud, Gmail, and others to be intercepted. For specific details of this vulnerability, please consult the excellent writeups in ArsTechnica, The Safe Mac and Threatpost. If you haven't updated your iPhone or iPad to iOS 7.0.6, please do so now to fix the same vulnerability in iOS.