After what seemed like an interminable wait, Apple has released an update to OS X Mavericks today, which plugs a critical security hole that the company patched on iOS last week.
The company released update 10.9.2 for Mac users, and according to the security notes associated with the update, it fixes a number of security flaws, including the “gotofail” SSL bug that has been the talk of the secuirty industry. Due to a problem with how Apple handled secure connections, it was possible for an attacker to fool the computer into thinking that it was sending data over a secure connection. That would allow the attacker to snoop on whatever data the user was sending back and forth, even as the user thought they were accessing a secure resource.
Apple has been under intense pressure to fix the bug, as code exploiting it has begun appearing on the web.
In addition to the security fixes, update 10.9.2 brings a number of other benefits, including the ability to make and receive FaceTime audio calls, and suport for call waiting with FaceTime calls. Under the new update, users will also be able to block iMessages from individual users, so that it’s possible to block spammers and other harassers using Apple’s messaging app.
To get the update, open the “Updates” tab in the Mac App Store. I’d recommend doing so as soon as possible, because of how nasty this vulnerability is. As always, there’s a chance that something could go horribly wrong with any software update, so it’s worth making sure that any computers getting updated have current backups.
