Apple releases fix for SSL Vulnerability in OS X Mavericks, Mountain Lion and Lion

On the morning of Tuesday, February 25, 2014, Apple released a fix for the SSL vulnerability in OS X Mavericks, Mountain Lion and Lion.

The fix for the SSL vulnerability is included in OS X Mavericks 10.9.2.

Safari on OS X Mavericks 10.9.2 passed the goto fail test.

OS X Mavericks 10.9.2 Safari goto fail test

OS X Mavericks 10.9.2 Update

This update:

  • Adds the ability to make and receive FaceTime audio calls
  • Adds call waiting support for FaceTime audio and video calls
  • Adds the ability to block incoming iMessages from individual senders
  • Improves the accuracy of unread counts in Mail
  • Resolves an issue that prevented Mail from receiving new messages from certain providers
  • Improves AutoFill compatibility in Safari
  • Fixes an issue that may cause audio distortion on certain Macs
  • Improves reliability when connecting to a file server using SMB2
  • Fixes an issue that may cause VPN connections to disconnect
  • Improves VoiceOver navigation in Mail and Finder

For detailed information about this update, please visit: About the OS X Mavericks 10.9.2 Update

Security Update 2014-001 (Mountain Lion)

Security Update 2014-001 (Lion)

——-

The SSL Vulnerability is currently present in iOS 7.1 beta 5 build 11D5145e. According to an Apple engineer, a new build of iOS 7.1 beta is coming “really soon”.

 

SSL Vulnerability present in iOS 7.1 beta and OS X Mavericks 10.9.2 Developer Preview

Apple released iOS 6.1.6 and iOS 7.0.6 to address an SSL vulnerability issue on Friday, February 21, 2014. According to reports, the same vulnerability is present in the current build of OS X Mavericks 10.9.1, OS X Mavericks 10.9.2 build 13C62 and iOS 7.1 beta build 11D5145e.

Based on the goto fail; test, Google Chrome, Mozilla Firefox and Camino on OS X are not affected by this vulnerability. The Camino browser was no longer developed as of May 31, 2013.

iOS 7.1 beta 5 build 11D5145e SSL Vulnerability

Apple is expected to fix this SSL vulnerability issue in the upcoming builds of iOS 7.1 and OS X Mavericks (10.9.1 and 10.9.2 Developer Preview).

John Gruber wrote a great post on Daring Fireball regarding this SSL vulnerability issue and NSA exploits on iOS.

According to Jeffrey Grossman’s tweet (Jeffrey903):

I have confirmed that the SSL vulnerability was introduced in iOS 6.0. It is not present in 5.1.1 and is in 6.0 /cc @markgurman

Tin foil hat might be handy, as a sleeper NSA agent might be working at Apple.

Apple seeds iOS 7.1 beta 5 build 11D5145e

As reported by many sites, Apple seeded iOS 7.1 beta 5 build 11D5145e to developers on Tuesday, February 4, 2014.

iOS 7.1 beta 5 build 11D5145e

Typically, an iOS beta would be released after 6 or 7 builds on a two-week release schedule. Anyone can make an educated guess that iOS 7.1 is likely to be released sometime in March 2014.