Apple OS X 10.9.2 Released with Patch for SSL Security Flaw

Screenshot 2014 02 25 10 14 48

Apple just released OS X 10.9.2, which contains the following improvements:

  • Adds the ability to make and receive FaceTime audio calls
  • Adds call waiting support for FaceTime audio and video calls
  • Adds the ability to block incoming iMessages from individual senders
  • Includes general improvements to the stability and compatibility of Mail
  • Improves the accuracy of unread counts in Mail
  • Resolves an issue that prevented Mail from receiving new messages from certain providers
  • Improves AutoFill compatibility in Safari
  • Fixes an issue that may cause audio distortion on certain Macs
  • Improves reliability when connecting to a file server using SMB2
  • Fixes an issue that may cause VPN connections to disconnect
  • Improves VoiceOver navigation in Mail and Finder
  • Improves VoiceOver reliability when navigating websites
  • Improves compatibility with Gmail Archive mailboxes
  • Includes improvements to Gmail labels
  • Improves Safari browsing and Software Update installation when using an authenticated web proxy
  • Fixes an issue that could cause the Mac App Store to offer updates for apps that are already up to date
  • Improves the reliability of diskless NetBoot service in OS X Server
  • Fixes braille driver support for specific HandyTech displays
  • Resolves an issue when using Safe Boot with some systems
  • Improves ExpressCard compatibility for some MacBook Pro 2010 models
  • Resolves an issue which prevented printing to printers shared by Windows XP
  • Resolves an issue with Keychain that could cause repeated prompts to unlock the Local Items keychain
  • Fixes an issue that could prevent certain preference panes from opening in System Preferences
  • Fixes an issue that may prevent migration from completing while in Setup Assistant

Although there is no specific mention of the SSL security flaw in the release notes, Apple has fixed it according to Ars Technica writer Andrew Cunningham:

Your best bet is to install this update ASAP to protect your Mac. Go to the Apple menu > Software Update or open up the Mac App Store and hit up the Update tab.

Update: Here is the full list of updates released today:

Here’s Apple’s mention of the SSL fix in release notes:

Data Security

Available for: OS X Mavericks 10.9 and 10.9.1

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

CVE-ID

CVE-2014-1266

…more to follow

P.S. - Like our news? Support the site with a coffee/beer. Or shop with our Amazon link. We use affiliate links when possible--thank you for supporting independent media.