Apple has finally released an OS X update that plugs the gaping security hole left open by the SSL encryption bug.
Last week it was discovered that iOS had a security vulnerability which could have potentially put millions at risk, Apple released iOS 7.0.6 out of the blue to fix it. Later the company revealed that the vulnerability also existed on OS X.
While this became public knowledge, the company didn’t comment on exactly how long users have been exposed to this threat. Some hold the view that it could go as far back as an entire year, but an engineer who deals with similar programming issues at Google, Adam Langley, observed on his personal blog that Apple wouldn’t have been able to find this bug if they didn’t explicitly search for it. He chalks it up as a mistake, but there’s no denying the fact that it could have turned out to be a very costly one.
Essentially what the SSL encryption bug could have allowed attackers to do is intercept and even edit crucial information being sent by the iOS or Mac device, the information could very well be emails or login credentials. This sort of an attack is referred to as man-in-the-middle, so users wouldn’t exactly have been aware where their information was being picked up. All the attackers would have needed was a certificate signed by a “trusted CA.”
As previously mentioned, Apple has now released an update that quashes the SSL encryption bug on Mountain Lion as well as Mavericks. The fix comes as part of a larger update for OS X Mavericks, which also brings the ability to receive and make FaceTime audio calls and also includes improvements for iMessage, Mail and Safari. It is imperative for all Mac users to download and install this update as soon as possible to safeguard their data against threats stemming from this bug.