Sign in with
Sign up | Sign in

Serious 'Goto Fail' Flaw Gets OS X Patch: Here's How to Update

By - Source: Tom's Guide US | B 0 comment

Apple's serious security flaw in its SSL/TLS connections has now been patched on OS X, as part of the OS X 10.9.2 update released today (Feb. 25). The flaw, nicknamed "goto fail" after a repeated line in its code, undermines affected device's ability to create secure Internet connections using the common protocols SSL and TLS. That means it's easy for attackers to conduct man-in-the-middle attacks on your unprotected Internet traffic in transit, and capture sensitive information like passwords, credit card info and more.

The same flaw was discovered in iOS devices running iOS 6 and 7, but a patch for that was released on Friday, Feb. 21. The flaw was also present in Apple TVs, but has already been patched.

MORE: 7 Ways to Lock Down Your Online Privacy

To learn how to update your iOS devices and Apple TVs, check out our guide. To update your OS X computer, read on.

"Goto fail" only affects users running OS X 10.9 Mavericks. It's very important that affected users update to 10.9.2 immediately, especially if you often use public Wi-Fi networks. Do not connect to a public Wi-Fi network on an Apple device that hasn't been updated to the latest versions.

To fix the "goto fail" vulnerability on your OS X Mavericks computer, first connect to your home Internet network. Then click on the Apple icon in the upper left of your screen, and select Software Update. You should see the option to update to OS X 10.9.2.

You can also test whether your computer is currently vulnerable by opening the webpage gotofail.com in a browser.

"Goto fail" was first discovered last week when Apple released a seemingly generic security bulletin saying only that the update addressed a vulnerability that let "an attacker with a privileged network position...capture or modify data in sessions protected by SSL/TLS." These updates are often vague in order to avoid giving would-be attackers any hints.

By Saturday, members of the security community had discovered the true extent of the vulnerability. It still isn't clear how long the vulnerability existed before Apple patched it.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.


Discuss
There are 0 comments.
This thread is closed for comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter