The OS X 10.9.2 (Mavericks) fix for the SSL issue is out; Apple’s #gotofail weekend – Ashkan Soltani.
Posted by jpluimers on 2014/02/25
As a follow up of When using Apple Hardware, be prepared for security updates. iOS already there, OS X and others will follow. #gotofail:
This is a must read: Apple’s #gotofail weekend – Ashkan Soltani, and cortesi – Exploiting CVE-2014-1266 with mitmproxy.
especially since the OS X Mavericks fix is out:
- About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001.
- Twitter / ashk4n: OS X Update 10.9.2 is finally ….
- Has goto fail been fixed yet?.
–jeroen
via Norbert Rittel and Kristian Köhntopp.
Time for a new “-goto cleanup;+goto fail;” T-Shirt; The Story of the GnuTLS Bug (via: existential type crisis) « The Wiert Corner – irregular stream of stuff said
[…] A new *n*x bug got discovered in TLS certificate handling that is similar to the recently discovered iOS and OS X “goto fail” security issue. […]
Paul said
Of course you did hear about the big boo boo http://gizmodo.com/why-apples-huge-security-flaw-is-so-scary-1529041062 if you are looking for details see: https://www.imperialviolet.org/2014/02/22/applebug.html
jpluimers said
Yup. See my earlier post.