Apple’s gotofail security gap extends to OS X


By

Late last week Apple posted an iOS update that patches a security vulnerability. People should update their iOS devices quickly to address this issue specific to Safari SSL connections. It appears, however, the code is shared with OS X and as result Mac apps also vulnerable.

Andy Greenberg for Forbes:

Apple revealed a critical bug in its implementation of encryption in iOS, requiring an emergency patch. Then researchers found the same bug is also included in Apple's desktop OSX operating system, a gaping Web security hole that leaves users of Safari at risk of having their traffic hijacked. Now one researcher has found evidence that the bug extends beyond Apple's browser to other applications including Mail, Twitter, Facetime, iMessage and even Apple's software update mechanism.

Until Apple posts a fix, users may want to do their secure browsing using Firefox or Chrome, which apparently don't utilize the exposed framework.