davelewis
Contributor

OS X Mavericks patch for SSL goto fail issue now available

Opinion
Feb 25, 2014 | 2 mins
Application Security, Privacy

Since the entire debacle broke loose about SSL being broken in Mavericks and iOS, it has been a curious few days. Now the problem has at last been fixed: the OS X Mavericks 10.9.2 Update (Combo) patch is available.

From Apple:

This update:

  • Adds the ability to make and receive FaceTime audio calls
  • Adds call waiting support for FaceTime audio and video calls
  • Adds the ability to block incoming iMessages from individual senders
  • Improves the accuracy of unread counts in Mail
  • Resolves an issue that prevented Mail from receiving new messages from certain providers
  • Improves AutoFill compatibility in Safari
  • Fixes an issue that may cause audio distortion on certain Macs
  • Improves reliability when connecting to a file server using SMB2
  • Fixes an issue that may cause VPN connections to disconnect
  • Improves VoiceOver navigation in Mail and Finder
  • Provides a fix for SSL connection verification

Glad to see this is now fixed. My curiosity is, how did this happen in the first place? Strangely, there is no mention of the SSL issue on the main advisory.

The patch fixes the problem tracked as CVE-2014-1266 in Mavericks, the same problem that was also addressed for iOS devices under revision 7.06.

From Secunia:

The vulnerability is caused due to an error when validating the authenticity of a SSL/TLS connection and can be exploited to disclose and modify data via Man-in-the-Middle (MitM) attacks.

Get your patch on now!


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.