Apple finally patched the security flaw in OS X. If you haven't already, you should download the update right now over a secure connection. No, seriously do it right now. We'll still be here when you get back.
OK, cool. Basically Apple released update 10.9.2 Tuesday afternoon, almost four days after it released a fix for iOS. And the update information tries to be casual. The condensed version of the notes consists of 11 bullet points that sound ordinary. But hidden at the bottom (where usually no one will see it, except we're all going to see it because this is one of those rare times when people are actually looking for something specific in the update notes) is the line "Provides a fix for SSL connection verification."
A longer but still condensed list doesn't even mention SSL at all. Instead it notes some hilariously mundane features of the update like "Includes improvements to Gmail labels," and "Resolves an issue which prevented printing to printers shared by Windows XP." Gotta handle the tough issues first. It's only when you go to the detailed description of the update, and scroll for awhile (the topics are listed alphabetically), that you can read about the vulnerability fix. The document says:
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.
Similar in concept to how Apple patched the iOS vulnerability, OS X needed code that directed it to go through all the verification steps of SSL encryption and not assume a connection was safe based on one positive verification. The update patches the flaw in OS X Mavericks and OS X Mountain Lion, but it's unclear whether older operating systems will get a fix as well. If you're reading this on an Apple product and still haven't updated, you're either feeling contrary or you're just bad at following direction. Let's try it one more time. Please update now.
TODAY IN SLATE
The Self-Made Man
The story of America’s most pliable, pernicious, irrepressible myth.
The GOP Senate Candidate in Iowa Doesn’t Want Voters to Know Just How Conservative She Really Is
Does Your Child Have “Sluggish Cognitive Tempo”? Or Is That Just a Disorder Made Up to Scare You?
The Supreme Court, Throughout Its History, Has Been a Massive Disappointment
Why Indians in America Are Mad for India’s New Prime Minister
Now Stare. Don’t Stop.
The perfect political wife’s loving gaze in campaign ads.
You Deserve a Pre-cation
The smartest job perk you’ve never heard of.