Apple Releases Desktop OS Update For Security Flaw

Columbia, SC (WLTX) -- Apple followed last week's mobile update with a new version of the Mac desktop OS X Mavericks to fix a major security issue.

Apple's website noted the security flaw involving website security certificates, also known as 'SSL Certificates,' could have permitted hackers to gain "a privileged network position," that would potentially let them intercept critical information, including usernames, passwords, and any sensitive information passed through the web browser, such as credit card information.

The flaw exploits a vulnerability with security certificates signed by what are known as "trusted certificate authorities."

Security certificates are a basic component of computer security. They are attachments to electronic messages that verify the user sending a message is who he or she says he is. They contain information about the certificate owner, including an internet address, when it can be used, how long it is valid for and where it lives on the web.

Most importantly, the certificates carry a code (called a hash) showing they have not been tampered with.

When connecting to a web site, the Apple computer or mobile device should check to make sure that the site is who and what it says it is, using the certificate.

However a missing bit of computer code meant the certificates were not checked.

That would allow a malicious hacker to perpetrate what's known as a Man in the Middle Attack. Here, someone uses a faked certificate of authority to fool the device into believe it is interacting with a trusted host.

That allows the Man in the Middle to intercept all the messages (including passwords) that go between a person's iPhone and a web site, for example.

Last week's release from Apple for all their mobile devices took the user base by surprise, when iOS device users were prompted to update to version 7.0.6 Friday to patch the same Security Certificate flaw.

Related: Apple Issues Fix for iPhone Security Weakness

It's noted that Apple is also including updates they had likely planned for a later OS refresh, including updates to apps for Messaging, Mail, and the Safari web browser, plus the added benefit of letting desktop Mac users conduct FaceTime calls with audio only, an option not previously available.

Visit the Mac Apple Store and you'll be shown the 10.9.2 OS X Mavericks download in the Updates section.

If you have not yet updated your iPod, iPhone, or iPad to the latest iOS version, you are strongly encouraged to do so as soon as possible, to fix the Security Certificate security flaw on those devices.

Follow me on Twitter at @Derry_London


To find out more about Facebook commenting please read the
Conversation Guidelines and FAQs

Leave a Comment