You are here

Mavericks 10.9.2 and Security Update

For current or would-be users of Apple Mac computers, with answers to many FAQs.

Mavericks 10.9.2 and Security Update

Postby Tui » Tue Feb 25, 2014 8:56 pm

Anybody using Mavericks should install this asap. The update addresses serious security issues.

http://support.apple.com/downloads/

http://support.apple.com/kb/HT6150
User avatar
Tui
Frequent Poster
Posts: 1067
Joined: Sun Sep 01, 2002 11:00 pm

 


Re: Mavericks 10.9.2 and Security Update

Postby desmond » Tue Feb 25, 2014 9:06 pm

This was a lovely example of a critical bug...

Yes, important to get this one fixed.
User avatar
desmond
Jedi Poster
Posts: 6656
Joined: Tue Jan 10, 2006 12:00 am

mu:zines | music magazine archive
Vintage issues of Sound On Sound, Electronics & Music Maker, Music Technology and more...


Re: Mavericks 10.9.2 and Security Update

Postby chris... » Tue Feb 25, 2014 10:39 pm

Some of the media is exaggerating this abit, arguably failing to explain for folks not in the know that it can't just be exploited by any random hacker anywhere. Rather, the hacker has to already have access to your transmission path. In general, this isn't as easy as the media seems to suggest, and would generally require a determined hacker specifically deciding to target you in particular.

The fix will likely make life harder for the NSA, which is good.

But yes, definitely one to fix.
User avatar
chris...
Frequent Poster
Posts: 2720
Joined: Wed Mar 12, 2003 12:00 am
Location: Sunny Glasgow

Re: Mavericks 10.9.2 and Security Update

Postby desmond » Tue Feb 25, 2014 11:28 pm

chris... wrote:Some of the media is exaggerating this abit, arguably failing to explain for folks not in the know that it can't just be exploited by any random hacker anywhere.

Yep, someone *already on your network* can potentially run a man-in-the-middle attack but the attacker would already have to be on your network. The biggest risk really is when connected to public networks...

The media interest is that basically anything suggesting Apple aren't perfect gets journos and wackos salivating at the prospect of naming and shaming. "Apple has a security flaw!". Yes, and MS patch multiple Windows security flaws every tuesday but you don't make headlines about those either - even the serious ones.

But yes, a pretty nasty security bug this one, probably one of Apple's more serious ones in recent history (that I can remember anyway).

10.9.2 here now...
Test at gotofail.com
User avatar
desmond
Jedi Poster
Posts: 6656
Joined: Tue Jan 10, 2006 12:00 am

mu:zines | music magazine archive
Vintage issues of Sound On Sound, Electronics & Music Maker, Music Technology and more...


Re: Mavericks 10.9.2 and Security Update

Postby xFasterMikeyH » Wed Feb 26, 2014 5:15 pm

desmond wrote:Yep, someone *already on your network* can potentially run a man-in-the-middle attack but the attacker would already have to be on your network. The biggest risk really is when connected to public networks...
Like when you check your email in a coffee shop, or at an airport.

desmond wrote:MS patch multiple Windows security flaws every tuesday but you don't make headlines about those either - even the serious ones.
Apple have a pretty woeful history on patching security flaws, for instance with their Java updates, none of which really makes the headlines. The reason this has people frothing quite so much is that it's relatively trivial to exploit and, given the ubiquity of iOS devices that are very likely to be connecting to public networks, has the potential to affect a lot of people.

chris... wrote:[exploiting this flaw would] require a determined hacker specifically deciding to target you in particular.
They don't need to target individuals, they need to target people using specific ios/osx versions using specific applications. That's trivial to do on a shared network for someone with not particularly impressive hacking skills (although they will need a dodgy cert to do it, but that's a pretty low barrier).
xFasterMikeyH
Regular
Posts: 109
Joined: Thu Oct 07, 2004 11:00 pm


Who is online

Users browsing this forum: No registered users and 4 guests