OS X Mavericks patch for SSL goto fail issue now available

Since the entire debacle broke loose about SSL being broken in Mavericks and iOS it has been a curious few days. Now, the problem has at last been fixed. The OS X Mavericks 10.9.2 Update (Combo) patch is now available.

From Apple:

This update:

  • Adds the ability to make and receive FaceTime audio calls
  • Adds call waiting support for FaceTime audio and video calls
  • Adds the ability to block incoming iMessages from individual senders
  • Improves the accuracy of unread counts in Mail
  • Resolves an issue that prevented Mail from receiving new messages from certain providers
  • Improves AutoFill compatibility in Safari
  • Fixes an issue that may cause audio distortion on certain Macs
  • Improves reliability when connecting to a file server using SMB2
  • Fixes an issue that may cause VPN connections to disconnect
  • Improves VoiceOver navigation in Mail and Finder
  • Provides a fix for SSL connection verification

Glad to see this is now fixed. My curiousity is, how did this happen in the first place? Strangely there is no mention of the SSL issue on the main advisory

This fixes the problem in CVE-2014-1266. This patch fixes the problem in Mavericks that was also addressed for iOS devices under revision 7.06.

From Secunia

The vulnerability is caused due to an error when validating the authenticity of a SSL/TLS connection and can be exploited to disclose and modify data via Man-in-the-Middle (MitM) attacks.

Get your patch on now!

(Image used under CC from Twaize)

Copyright © 2014 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)