Apple has reportedly fixed the critical ‘gotofail’ security flaw in OS X that could let an attacker on the same network as a victim eavesdrop on all user activity, even on encrypted data.
Late last week, Apple revealed the serious “gotofail” security vulnerability that allows hackers to capture and modify data, knackering the integrity of SSL-encrypted communications.
This happens when the secure transfer component fails to validate the server’s authenticity while establishing a connection or skips a few steps in the validation process due to a programming bug.
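A simplified illustration of how a single stray statement can make a validation routine skip a step, the kind of bug the "gotofail" name points to. This is an added example, not Apple's code; the function names, the checks and the sample values are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the real checks; each returns 0 on success. */
static int hash_update(int ok) { return ok ? 0 : -1; }
static int signature_matches(const char *sig, const char *expected) {
    return strcmp(sig, expected) == 0 ? 0 : -1;
}

/* Flawed: the second "goto fail" is not guarded by the if, so it always
   runs. The signature comparison is never reached and err is still 0. */
int verify_flawed(const char *sig, const char *expected) {
    int err;
    if ((err = hash_update(1)) != 0)
        goto fail;
        goto fail;                /* stray duplicate line */
    if ((err = signature_matches(sig, expected)) != 0)
        goto fail;
fail:
    return err;                   /* 0 is read as "server authenticated" */
}

/* Corrected: every branch is braced and err starts out as a failure,
   so success can only come from the checks actually passing. */
int verify_fixed(const char *sig, const char *expected) {
    int err = -1;
    if ((err = hash_update(1)) != 0) {
        goto fail;
    }
    if ((err = signature_matches(sig, expected)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    /* Constructed sample values: a forged signature against the genuine one. */
    printf("flawed accepts forged: %s\n",
           verify_flawed("forged", "genuine") == 0 ? "yes" : "no");
    printf("fixed accepts forged:  %s\n",
           verify_fixed("forged", "genuine") == 0 ? "yes" : "no");
    return 0;
}
```

Compiler warnings for unreachable code or misleading indentation, and a test that presents a deliberately invalid signature, both catch this pattern before release.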
On Friday afternoon, the Cupertino giant rolled out updates for its iPhones, iPods and iPads that fixed the encryption vulnerability. But experts warned that Mac desktops and laptops were still at risk.
Apple sent out an update for Mac OS X 10.9 (Mavericks) as well as OS X 10.7.x (Lion) and OS X 10.8.x (Mountain Lion) on Tuesday morning. A total of 33 vulnerabilities in OS X, four in Safari and 10 in QuickTime for Windows were patched with this update.
Apple hasn’t revealed enough information about the source of the flaw, but in a terse note acknowledged that “an attacker” could “capture or modify data” transferred with Safari, Mail, iCloud and other Apple-created applications.
In addition to the major security fix, Apple has added and improved several features, such as the ability to make and receive FaceTime audio calls with call waiting support, the ability to block incoming iMessages from individual senders, and so on. The update also includes a number of other security and stability improvements for Mail, Safari and iMessage.
Users of Mac OS X Mavericks and Mountain Lion are advised to download this update as soon as possible.