OSX security flaw

The recently reported security flaw in iOS ( About the security content of iOS 7.0.6) affects OSX as well: Apple promises fix 'very soon' for Macs with failed encryption | Reuters

OSX users should stay off any unprotected wifi networks until the flaw is patched.

 

For those not clicking the links, it's a major flaw in Apple's implementation of TLS/SSL security. Apple seems to have released a patch for iOS, but no such luck for OSX, so I'd avoid doing anything that requires security (online banking, email, etc.) until it's fixed.

Apple and the SSL/TLS bug: Open questions | ZDNet

 

Use Chrome or FF (does anyone really still use Safari) and stay off the native Mail app until it's fixed.

 

Believe it or not, some Apple die-hards on the MacRumors forums are still using Safari for Windows.

 

Turns out that the problem is a single extra line of C code (a GOTO statement) that was probably accidentally pasted in to a SSL-related function. I wonder how long it'll take to do a Ctrl + Z on that and push that update to Mavericks users .

When will Apple get serious about security? | ZDNet

Also, what respectable programmer uses GOTO? Seriously... wth?

 

when will apple get serous about security? apple's the most secured os used in the mainstream. idk what that article is thinking.

 

Great I see this thread after logging in to important sites.

Sent from my XT1049 using Tapatalk

 

Isn't the flaw mainly when you use an unsecured network? Banks etc use their own SSL so I believe that the problem is on the apple side especially if you are on an unsecured network.

I am thinking of moving to thunderbird completely as Mail is broken anyway. The mails stop syncing at times even though it has improved much from Mountain Lion days.

 

Seriously? The flaw's been publicized since Friday, Apple says they have a fix but its still not released? What in the world are they waiting for?

 

It's been four days. It takes time for tech companies to come out with an update, test it in-house, and then release it. People would be complaining a lot louder if Apple patched Mavericks only to cause other issues. Apple may have a fix but it will require some time before they release it.

 

That may be, but they did release the iOS fix last Friday, the same day the problem was reported publicly.

 

True, of course it takes some time to fix something (and especially to test it), especially with something security related such as this. Though if ZDNet is to be believed and it really is just a stray GOTO, I'd be very surprised if Apple doesn't have an update by the end of the week. Especially considering that they released the iOS update very quickly and iOS/OSX are pretty similar under the hood, from my understanding.

 

10.9.2, which fixes this issue among other things, has been released. No need to wait for the App Store to populate as Apple is providing direct download links to regular and combo updates as they have in the past.

Combo update for 10.9-10.9.1

Point update - for 10.9.1 only

 

You can't compare coding a mobile OS to a desktop OS, they are in two different leagues. An iOS bug can be, and has been, easily squashed in less than a week before yet it takes much longer to code and test a fix for a desktop OS. Besides, Apple released an update 2 hours after your second reply. Releasing an update 4 days after the bug was discovered really isn't that bad. I've waited longer for Android and Windows updates for really critical security issues, not just something that affects the system when accessing an unsecured wi-fi network.