Skip to main content

Apple Rolls Security Updates Into OS X Mavericks 10.9.3

Apple has released a new update to its current desktop operating system, pushing OS X Mavericks up to version 10.9.3. The update includes iTunes 11.2 and Safari 7.0.3, but the bulk of the new release appears to be the batch of security updates (called "2014-02") that Apple released last month, most notably the emergency patch for the serious SSL vulnerability called "Triple Handshake."

Other than that, 10.9.3 improves 4K display support on Mac Pro and MacBook Pro computers with 15-inch Retina Displays, and improves IPsec-based virtual-private-network (VPN) connections on Mac devices.

MORE: 7 Ways to Lock Down Your Online Privacy

Longtime iPhone and iPad users may appreciate one seemingly minor detail: Mavericks 10.9.3 restores the ability to sync contacts and calendars between a Mac and an iOS device via a USB cable. Mavericks had previously required users to sync their Macs and iOS devices via Apple's iCloud service instead of via USB cable as previous operating systems had. 

The iTunes update, 11.2, contains a security patch that fixes a vulnerability in HTTP cookie handling through which attackers could steal users' iTunes credentials. Safari 7.0.3, meanwhile, was previously released as part of the 2014-02 security update last month, so users who installed that update should already have it.

That security update fixed the "Triple Handshake" bug, which can be exploited to snoop on Apple users' Internet traffic. The bug is named for its exploit method: Attackers could set up two encrypted connections, or "handshakes," then secretly insert themselves into that connection,  bypassing the SSL encryption that should have made traffic unreadable to outside eyes.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.