MacOS / iOS security flaw

[Boyd]

Update your devices guys, this nasty bug could put you at risk.

http://www.macrumors.com/2014/02/22/os-x-ssl-vulnerability/

an attacker could intercept communications from an iPhone that was meant to be encrypted. Let’s say the attacker had access to the same network over an unsecured WiFi connection in a coffee shop or restaurant. He could impersonate a protected site such as Facebook or Gmail and alter any data passed between the iPhone and the site. The worse news for Apple is the its desktop operating system, OS X, is perhaps even more exposed to attack.

As per this article, you can see if you are vulnerable by going here: https://gotofail.com

Glad that I haven't updated my Mac to Mavericks (MacOSX 10.9). Older versions are not vulnerable. iOS 6 and 7 have the bug though, so I am updating my iPhone.

 

[Teegate]

I told my girls yesterday to update but they as of yet have not. Jennifer is especially vulnerable because of the iPhone.

 

[Teegate]

I am running 10.9.1 on my Mac and there is no update available for me. So it must not effect everyone with 10.9.

 

[Teegate]

I see now the 10.9.2 update is not available yet.

 

[Teegate]

I also see the bug is in the 10.9.2 beta version in testing. So it may be a while before that comes out.

 

[Boyd]

I believe that Safari is vulnerable on 10.9 but Firefox and Chrome aren't. You can use the link I posted above to check.

 

[Ben Ruset]

They have a fix for iOS. Nothing for MacOS yet. But so far they are saying that exploits based on this haven't appeared in the wild yet. The best thing to do (which you should do all the time anyway) is to not join unencrypted wireless networks, which is where you'd be most at risk.

 

[Teegate]

The fix is now available for OSX.