Apple has pushed out a quick fix for a gaping security hole in OSX, that would let anyone on the same network as you get your information – all the while telling you that your connection is secure. It’s in the App Store now and this is what you need to know about it.
The Fix is in
Apple has released an update to patch a bug
Apple has confirmed that the update, OSX 10.9.2 will address the SSL issue in both Snow leopard and mavericks. You can find the update in the App Store.
As we reported last week, the flaw in both iOS and OSX leaves the ‘protection’ of SSL/TLS security layer unprotected. Although your browser will show you a locked icon, indicating a secure connection, the connect would in fact be very insecure, and easily hacked by anyone on the same network.
As with all security updates, download and update now
The bug was fixed quickly on iOS devices by an upgrade to version 7.0.6, which Apple pushed yesterday, but until now there has been no fix for OS X machines.
The only hint that 10.9.2 fixes the flaw is the wording in the release notes:
The OS X Mavericks v10.9.2 Update is recommended for all OS X Mavericks users. It improves the stability, compatibility, and security of your Mac.
Apple’s Security Updates page has yet to be updated, which could indicate Apple isn’t sure the problem has been completely fixed. Its worth keeping an eye on It, but until then, grab that update.[Via iTunes]