Apple Finally Released a Fix for That Terrifying Vulnerability in OS X

The Citizen's Guide to the Future
Feb. 26 2014 11:56 AM

Apple has a lot of promotional material about OS X's security features, but the SSL vulnerability dealt a blow to consumer trust.

Photo by Apple.

Apple finally patched the security flaw in OS X. If you haven't already, you should download the update right now over a secure connection. No, seriously do it right now. We'll still be here when you get back.

OK, cool. Basically Apple released update 10.9.2 Tuesday afternoon, almost four days after it released a fix for iOS. And the update information tries to be casual. The condensed version of the notes consists of 11 bullet points that sound ordinary. But hidden at the bottom (where usually no one will see it, except we're all going to see it because this is one of those rare times when people are actually looking for something specific in the update notes) is the line "Provides a fix for SSL connection verification."


A longer but still condensed list doesn't even mention SSL at all. Instead it notes some hilariously mundane features of the update like "Includes improvements to Gmail labels," and "Resolves an issue which prevented printing to printers shared by Windows XP." Gotta handle the tough issues first. It's only when you go to the detailed description of the update, and scroll for a while (the topics are listed alphabetically), that you can read about the vulnerability fix. The document says:

Data Security
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

Similar in concept to how Apple patched the iOS vulnerability, OS X needed code that directed it to go through all the verification steps of SSL encryption and not assume a connection was safe based on one positive verification. The update patches the flaw in OS X Mavericks and OS X Mountain Lion, but it's unclear whether older operating systems will get a fix as well. If you're reading this on an Apple product and still haven't updated, you're either feeling contrary or you're just bad at following direction. Let's try it one more time. Please update now.
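
The failure mode described above, reporting success after only one check has passed, shown as a constructed C model added here for illustration. It is not Apple's Secure Transport code, and the struct, field and function names are hypothetical. The sweep at the end is the kind of negative test that catches a skipped step.

```c
#include <stdio.h>

/* Constructed model of a three-step handshake verification (hypothetical names). */
struct handshake {
    int hash_ok;      /* handshake data hashed without error */
    int chain_ok;     /* certificate chains to a trusted root */
    int signature_ok; /* signature matches the server's key */
};

static int check(int passed) { return passed ? 0 : -1; }

/* Flawed: an unconditional jump after the first check exits with err == 0. */
int verify_flawed(const struct handshake *h)
{
    int err;
    if ((err = check(h->hash_ok)) != 0)
        goto done;
    goto done; /* the defect: the steps below never run */
    if ((err = check(h->chain_ok)) != 0)
        goto done;
    err = check(h->signature_ok);
done:
    return err;
}

/* Corrected: every step must pass before 0 (success) is returned. */
int verify_strict(const struct handshake *h)
{
    int err;
    if ((err = check(h->hash_ok)) != 0) return err;
    if ((err = check(h->chain_ok)) != 0) return err;
    return check(h->signature_ok);
}

/* Negative-test sweep over all 8 pass/fail combinations: count the inputs
   the flawed routine accepts although at least one step failed. */
int count_wrongly_accepted(void)
{
    int n = 0;
    for (int bits = 0; bits < 8; bits++) {
        struct handshake h = { bits & 1, (bits >> 1) & 1, (bits >> 2) & 1 };
        if (verify_flawed(&h) == 0 && verify_strict(&h) != 0)
            n++;
    }
    return n;
}

int main(void) { printf("wrongly accepted: %d of 8\n", count_wrongly_accepted()); return 0; }
```

A test suite that only feeds valid handshakes passes against both routines; only the cases with a failing later step tell them apart.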

Future Tense is a partnership of Slate, New America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.
