Critical OS X and iOS Security Updates

Apple today released OS X 10.9.2, which includes a fix for a major SSL security flaw that first came to light on Friday, after the release of iOS 7.0.6.

The bug, a single line of errant code that allowed an attacker to bypass SSL/TLS verification routines, left OS X users vulnerable to a man-in-the-middle attack. An attacker on a shared wired or wireless network could intercept communications on affected machines, acquiring sensitive information like login credentials and passwords, or injecting malware.
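How a single stray line can bypass a verification routine, as an added example that is not Apple's code: a simplified C model patterned on the duplicated `goto fail;` statement publicly reported as the cause. The function names, checks and sample strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the real hash and signature checks. */
static int check_hash(const char *msg) { return msg ? 0 : -1; }
static int check_signature(const char *sig, const char *good) {
    return strcmp(sig, good) == 0 ? 0 : -1;
}

/* Flawed: the second goto is unconditional, so the signature check
 * below it never runs and err still holds 0 (success) at fail:. */
int verify_flawed(const char *msg, const char *sig, const char *good) {
    int err;
    if ((err = check_hash(msg)) != 0)
        goto fail;
        goto fail; /* stray duplicated line, not guarded by the if */
    if ((err = check_signature(sig, good)) != 0)
        goto fail;
fail:
    return err;
}

/* Fixed: stray line removed, every branch braced. */
int verify_fixed(const char *msg, const char *sig, const char *good) {
    int err;
    if ((err = check_hash(msg)) != 0) {
        goto fail;
    }
    if ((err = check_signature(sig, good)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    /* Constructed sample input: a message with a forged signature. */
    const char *msg = "server key exchange", *good = "valid-sig";
    printf("flawed, forged sig: %d\n", verify_flawed(msg, "forged", good));
    printf("fixed,  forged sig: %d\n", verify_fixed(msg, "forged", good));
    printf("fixed,  valid sig:  %d\n", verify_fixed(msg, good, good));
    return 0;
}
```

Compiler diagnostics such as GCC's `-Wmisleading-indentation` and Clang's `-Wunreachable-code` flag this pattern, and a negative test that presents an invalid signature catches it at run time.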

While the SSL vulnerability was first introduced to iOS in 2012, it only affects Macs running OS X 10.9. Lion and Mountain Lion users are not affected.

OS X 10.9.2 was first seeded to developers in December and has seen seven beta iterations since that time. Along with an emergency fix for the SSL bug, OS X 10.9.2 also includes FaceTime Audio, new blocking controls for iMessage and FaceTime, call waiting support for FaceTime, Mail fixes for bugs with fetching messages, AutoFill improvements, and several other bug fixes and general improvements.

It is recommended that all users running OS X 10.9 Mavericks upgrade to OS X 10.9.2 as soon as possible to fix the vulnerability. The update can be obtained through Software Update or by downloading one of the installers below.

OS X Mavericks Update v10.9.2 (859.70 MB)
OS X Mavericks Update v10.9.2 (Combo) (859.70 MB)

Users of iOS devices such as iPhones and iPads should also ensure that those devices are up to date. The iOS update was released last Friday.

via MacRumors