clock menu more-arrow no yes

Filed under:

Apple issues fix for major security flaw on OS X

New, 76 comments
Apple iPad mini event 2012 locations
Apple iPad mini event 2012 locations

Apple has released an update to OS X that patches the large security vulnerability identified last week. The flaw stemmed from an erroneous line of code and meant that certain apps on Macs, iPhones, and iPads were susceptible to man-in-the-middle attacks, potentially allowing a hacker to pose as a trusted website or service. Johns Hopkins cryptographer Matthew Green called the flaw "seriously exploitable" after it was identified last week by Apple itself. At the time, Apple released an update to iOS 7 that resolved the issue on mobile, but security researchers discovered that it was still active on the latest Macs and called for it to quickly be fixed.

The patch is bundled with updates to FaceTime and other apps on Mavericks

Today's security update, which is available by selecting Software Update inside a Mac's Apple menu, is said to resolve the issue on both OS X Mavericks and Mountain Lion. On Mavericks, Apple is releasing the patch as part of a larger update that brings the operating system to version 10.9.2, which includes small improvements to Mail, iMessage, and Safari, and adds the ability to make and receive FaceTime audio calls.

Those are minor points compared to the security update though, as the flaw made waves over the weekend when iPhone, iPad, and Mac owners discovered the major vulnerability. The issue was quickly nicknamed "goto fail" for the line of code that caused it, and some party even set up a website to detail the problem and whether or not it had been resolved. It looks as though the vulnerability will no longer be an issue for anyone who updates to iOS' and OS X's latest releases — and Apple is likely hoping that owners of its devices will do that sooner rather than later.