Wednesday, February 26, 2014

SSL Vulnerability Closed in OS X Update

Apple released Security Update 2014-001 yesterday, which closes the vulnerability discussed in my last post. Mountain Lion and Mavericks users should install this update ASAP. Note: if you are a Mountain Lion user and do not wish to update to Mavericks at this time (completely understandable, but fixable), do not install the OS X 10.9.2 update. Instead, select just the Software Update item that includes Security Update 2014-001, as shown in the screenshot below.

[Screenshot: OS X Software Update]

The vulnerability allows your secure traffic to services such as iCloud, Gmail, and others to be intercepted. For specific details of this vulnerability, please consult the excellent writeups in Ars Technica, The Safe Mac and Threatpost. If you haven't updated your iPhone or iPad to iOS 7.0.6, please do so now to fix the same vulnerability in iOS.

Monday, February 24, 2014

Public Service Announcement for iOS and OS X users

On Friday, Apple released version 7.0.6 for iOS (iPhone / iPad) users. Go to Settings on your iOS device and install this update now.

What's the deal? A very serious vulnerability that exposes the secure communication link between your device and any services that you use (Gmail, Facebook, Dropbox, online banking, etc.).

The exploit package is already being circulated on the Internet. This vulnerability affects not only iOS, but also OS X. Apple has not patched OS X yet, so stay tuned here. I'll post when Apple releases the update for your Mac.

If you'd like to read the technical details of this vulnerability, read this and this. But first, please update your devices!