Apple OS X 10.9.2 Released with Patch for SSL Security Flaw

Screenshot 2014 02 25 10 14 48

Apple just released OS X 10.9.2, which contains the following improvements:

  • Adds the ability to make and receive FaceTime audio calls
  • Adds call waiting support for FaceTime audio and video calls
  • Adds the ability to block incoming iMessages from individual senders
  • Includes general improvements to the stability and compatibility of Mail
  • Improves the accuracy of unread counts in Mail
  • Resolves an issue that prevented Mail from receiving new messages from certain providers
  • Improves AutoFill compatibility in Safari
  • Fixes an issue that may cause audio distortion on certain Macs
  • Improves reliability when connecting to a file server using SMB2
  • Fixes an issue that may cause VPN connections to disconnect
  • Improves VoiceOver navigation in Mail and Finder
  • Improves VoiceOver reliability when navigating websites
  • Improves compatibility with Gmail Archive mailboxes
  • Includes improvements to Gmail labels
  • Improves Safari browsing and Software Update installation when using an authenticated web proxy
  • Fixes an issue that could cause the Mac App Store to offer updates for apps that are already up to date
  • Improves the reliability of diskless NetBoot service in OS X Server
  • Fixes braille driver support for specific HandyTech displays
  • Resolves an issue when using Safe Boot with some systems
  • Improves ExpressCard compatibility for some MacBook Pro 2010 models
  • Resolves an issue which prevented printing to printers shared by Windows XP
  • Resolves an issue with Keychain that could cause repeated prompts to unlock the Local Items keychain
  • Fixes an issue that could prevent certain preference panes from opening in System Preferences
  • Fixes an issue that may prevent migration from completing while in Setup Assistant

Although there is no specific mention of the SSL security flaw in the release notes, Apple has fixed it according to Ars Technica writer Andrew Cunningham:

Your best bet is to install this update ASAP to protect your Mac. Go to the Apple menu > Software Update or open up the Mac App Store and hit up the Update tab.

Update: Here is the full list of updates released today:

Here’s Apple’s mention of the SSL fix in release notes:

Data Security

Available for: OS X Mavericks 10.9 and 10.9.1

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

CVE-ID

CVE-2014-1266

…more to follow

Founder and Editor-in-Chief of iPhoneinCanada.ca. Follow me on Twitter, and @iPhoneinCanada, and on Google+.

  • http://www.ryantoyota.com/ Ryan

    Updated. Strange that they wouldn’t mention the SSL fix specifically, in the first bullet even, if it is indeed included in this update. So many people have been waiting for it, it’s odd that this wasn’t made clear in the description.

    I also find it strange that it reset a bunch of my settings and asked me to sign in to iCloud again.

  • youreallyhavenoclue

    thanks for the heads-up on the settings!

  • Chrome262

    Mine didn’t and I heard about it yesterday afternoon but it wouldn’t show up in the App Store until I switched to US as my location. But other than that it worked ok

  • xxxJDxxx

    Shortly after updating my MacBook completely froze while loading a website in chrome. Had to do a hard restart. May be a coincidence but that’s never happened to me before.