Apple OS X Major “Goto Fail” Security Flaw Fix Released
Apple has finally released an update for OS X following the security flaw made public last week. A single line of code made it possible for encrypted data to be sniffed on OS X and iOS. The iOS fix was quickly released as an update to iOS 7.0.6, while OS X users were left waiting cautiously. This security vulnerability has been all over the news and earned the nickname “goto fail”, and a screening website sprang up to check whether your machine is vulnerable. Another one was set up just to track the status of the patch release from Apple. This one will certainly go down in the books as one of Apple’s worst security blunders.
To apply the fix, users can run a software update on their computers as of today, effectively patching the issue. According to Apple, the fix removes the ability to run this man-in-the-middle type of attack on users. OS X Mavericks users are presented with a full system update to version 10.9.2. The update includes the Security Update 2014-001 patch as well as FaceTime and other application updates for Safari, iMessage and Mail. Lion and Mountain Lion users get the same Security Update 2014-001 without the operating system update.
This update could not have come sooner. On February 21st, the iOS fix was released, and for 4 days Mac OS X users had to remain on secure networks or run the risk of having data stolen. Apple has still made no comment as to how long the vulnerability had been present, but many reports suggest that it was very possibly introduced back in mid-2012 with the release of iOS 6.0. As for OS X, it is believed that version 10.9 was affected as well.
Apple users can finally go back to their favorite coffee shops and businesses can stop worrying about stolen data. Or can they? They may be safe now, but it is impossible to know the full extent of the damage caused by this flaw. If we consider how long it has possibly been around, knowledge of this security loophole would have been solid gold for corporate spies or cyber criminals. No one will ever know how much data could have been stolen or how much damage will come of it in the years to come.