Apple issues fix for "embarrassing" Mac flaw

By Reuters and Nicole Kobie

Posted on 26 Feb 2014 at 08:22

Apple has issued fixes for a security flaw in its Mac computers that allows hackers to intercept data such as email, patching a major and embarrassing glitch that came to light several days ago.

The security update for users of Apple's OS X computer operating software follows a fix issued for iPhones last week, meaning all Apple device users now have access to the patch.

The flaw allowed attackers with access to a mobile user's network, such as a shared unsecured wireless service offered by a cafe, to see or alter exchanges between the user and protected sites such as Google's Gmail or Facebook.

Governments with access to telecom carrier data could do the same, experts said.

The flaw was related to the way in which well-understood protocols were implemented, and how Apple's software recognises digital certificates used by websites to establish encrypted connections.

Security expert Graham Cluley called the flaw "embarrassing", saying it was caused by a programmer including a "goto fail" line twice in succession, where it was only needed once. "The first one is in the right place, but the second shouldn’t be there," he noted. "That duplicate line wrecks the code’s intended execution path, meaning that a critical authentication check doesn’t occur."
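The control-flow effect Cluley describes can be reproduced in a few lines of C. This is an added illustration, not code from the article or from Apple's source; the function names and the two stand-in verification steps are hypothetical, and the inputs in main are constructed.

```c
#include <stdio.h>

/* Hypothetical stand-ins for two verification steps; 0 means success. */
static int hash_step(int ok)      { return ok ? 0 : -1; }
static int signature_step(int ok) { return ok ? 0 : -1; }

/* Flawed shape: brace-less if followed by a duplicated goto. */
int verify_flawed(int hash_ok, int sig_ok)
{
    int err;

    if ((err = hash_step(hash_ok)) != 0)
        goto fail;
        goto fail;   /* duplicate: not guarded by the if, always runs */
    if ((err = signature_step(sig_ok)) != 0)   /* never reached */
        goto fail;

fail:
    return err;      /* still 0 from hash_step, so the caller sees success */
}

/* Corrected shape: one goto per check, braces make the scope explicit. */
int verify_fixed(int hash_ok, int sig_ok)
{
    int err;

    if ((err = hash_step(hash_ok)) != 0) {
        goto fail;
    }
    if ((err = signature_step(sig_ok)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    /* Constructed input: hashing succeeds, signature is invalid. */
    printf("flawed: %d\n", verify_flawed(1, 0));
    printf("fixed:  %d\n", verify_fixed(1, 0));
    return 0;
}
```

GCC's -Wmisleading-indentation (part of -Wall since GCC 6) and Clang's -Wunreachable-code both flag the flawed function at compile time.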

Researchers have said the bug could have been present for months. Apple has not said when or how it learned about the flaw in the way iOS handles sessions, in what are known as secure sockets layer (SSL) or transport layer security. Nor has it said whether the flaw was being exploited.

Apple said in a statement that the Mac security update also improved features such as its FaceTime videoconferencing service and email.

Update now

Experts advised users to update their systems immediately.

"It is now obviously important that iMac and MacBook users update their copy of Mavericks at the earliest opportunity (users of earlier versions of Mac OS X are not thought to be affected), before online criminals manage to take advantage of the flaw," said Cluley.

"I would certainly encourage users to upgrade to OS X Mavericks 10.9.2, but it’s always sensible to make a secure backup of your computer first, just in case," he added.

User comments

It had to happen...

Let me be the first to say "told you so" to those smug gits who banged on about how secure OSX was compared to Windows.....

By wittgenfrog on 26 Feb 2014

And...

... I bet you feel SO much better for saying that... Well done you.

By mrmmm on 26 Feb 2014

Fair comment, I say.

Wittgenfrog took enough flak for the timely warnings and is entitled to point out when the critics are proved wrong.
There is no need for sour grapes from anyone.
(Although I understand how shattered illusions can hurt all the more because you know you have been ignoring the warnings.)

By jayardine1 on 26 Feb 2014

But also...

It's fixed and so smugness can commence once more

By TimoGunt on 26 Feb 2014

Sorry,

I was being a smug git and it was uncalled for. I wasn't affected by this because I use OSX at home and not on a shared unsecured wireless service but I do acknowledge that it was an embarrassing flaw. I have no idea how it got through testing

By TimoGunt on 26 Feb 2014

coding flaw

As someone who once wrote computer programs, I can well understand such a mistake.
Apple deserves some credit for explaining why there was an error.
I don't recall having seen an explanation for any of the thousands of corrections that emanated from Microsoft, over the years.
I currently use OSX and Windows 7, and must say that OSX seems significantly more robust.

By sallows on 27 Feb 2014

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
