Apple OS X 10.9.2 Released with Patch for SSL Security Flaw

Apple just released OS X 10.9.2, which contains the following improvements:

• Adds the ability to make and receive FaceTime audio calls
• Adds call waiting support for FaceTime audio and video calls
• Adds the ability to block incoming iMessages from individual senders
• Includes general improvements to the stability and compatibility of Mail
• Improves the accuracy of unread counts in Mail
• Resolves an issue that prevented Mail from receiving new messages from certain providers
• Improves AutoFill compatibility in Safari
• Fixes an issue that may cause audio distortion on certain Macs
• Improves reliability when connecting to a file server using SMB2
• Fixes an issue that may cause VPN connections to disconnect
• Improves VoiceOver navigation in Mail and Finder
• Improves VoiceOver reliability when navigating websites
• Improves compatibility with Gmail Archive mailboxes
• Includes improvements to Gmail labels
• Improves Safari browsing and Software Update installation when using an authenticated web proxy
• Fixes an issue that could cause the Mac App Store to offer updates for apps that are already up to date
• Improves the reliability of diskless NetBoot service in OS X Server
• Fixes braille driver support for specific HandyTech displays
• Resolves an issue when using Safe Boot with some systems
• Improves ExpressCard compatibility for some MacBook Pro 2010 models
• Resolves an issue which prevented printing to printers shared by Windows XP
• Resolves an issue with Keychain that could cause repeated prompts to unlock the Local Items keychain
• Fixes an issue that could prevent certain preference panes from opening in System Preferences
• Fixes an issue that may prevent migration from completing while in Setup Assistant

Although there is no specific mention of the SSL security flaw in the release notes, Apple has fixed it according to Ars Technica writer Andrew Cunningham:

OS X 10.9.2 fixes the goto fail SSL bug in OS X. Install the update ASAP, writeup to follow.

— Andrew Cunningham (@AndrewWrites) February 25, 2014

Your best bet is to install this update ASAP to protect your Mac. Go to the Apple menu > Software Update or open up the Mac App Store and hit up the Update tab.

Update: Here is the full list of updates released today:

• OS X Mavericks 10.9.2 Update, Release Notes
• OS X Mavericks 10.9.2 Update (Combo), Release Notes
• Security Update 2014-001 (Lion), Release Notes
• Security Update 2014-001 (Mountain Lion), Release Notes
• Security Update 2014-001 Server (Lion), Release Notes

Here’s Apple’s mention of the SSL fix in release notes:

Data Security

Available for: OS X Mavericks 10.9 and 10.9.1

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

CVE-ID

CVE-2014-1266

…more to follow