egoreii

Q: Do I need to download the new security update fix for SSL connection

Do I need to download & install the new security update fix for SSL connection? Can any one explain the flaw?

MacBook Pro, OS X Mavericks (10.9.1)

Posted on Feb 23, 2014 8:16 AM

  • by cosmin.toma,Helpful

    cosmin.toma Feb 23, 2014 8:23 AM in response to egoreii
    Level 1 (70 points)

    Security researchers revealed late Friday that iOS's & OS X's validation of SSL encryption had a coding error that bypassed a key validation step in the Web protocol for secure communications. As a result, communications sent over unsecured Wi-Fi hot spots could be intercepted and read while unencrypted, potentially exposing user password, bank data, and other sensitive data to hackers via man-in-the-middle attacks. Secured Wi-Fi networks, such as home and business networks with encryption enabled, are not affected.

    It doesn't matter if you are using everyday SSL connection it is good to update.
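
The kind of coding error described in the reply above, as an added illustration that is not part of the original thread and is not Apple's code: a verification routine in which a stray jump skips the last validation step while the success code is still returned, next to a version that fails closed. The function names and the toy XOR "signature" are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a real signature: XOR of key and message bytes. */
static unsigned char toy_sign(const unsigned char *m, size_t n, unsigned char key) {
    unsigned char s = key;
    for (size_t i = 0; i < n; i++) s ^= m[i];
    return s;
}

static int check_len(size_t n) { return n > 0 ? 0 : -1; }

static int check_sig(const unsigned char *m, size_t n, unsigned char sig, unsigned char key) {
    return toy_sign(m, n, key) == sig ? 0 : -1;
}

/* Flawed: a stray unconditional jump skips the signature check while err
   still holds 0 from the previous step, so any signature is accepted. */
int verify_flawed(const unsigned char *m, size_t n, unsigned char sig, unsigned char key) {
    int err;
    if ((err = check_len(n)) != 0)
        goto done;
    goto done;                      /* stray line: always taken, err == 0 */
    if ((err = check_sig(m, n, sig, key)) != 0)
        goto done;
done:
    return err;
}

/* Hardened: start from failure and report success only after every check ran. */
int verify_fixed(const unsigned char *m, size_t n, unsigned char sig, unsigned char key) {
    int result = -1;
    if (check_len(n) == 0 && check_sig(m, n, sig, key) == 0)
        result = 0;
    return result;
}

int main(void) {
    const unsigned char msg[] = "constructed handshake data";
    size_t n = sizeof msg - 1;
    unsigned char forged = (unsigned char)(toy_sign(msg, n, 0x5a) ^ 0xff);
    printf("flawed accepts forged signature: %s\n",
           verify_flawed(msg, n, forged, 0x5a) == 0 ? "yes" : "no");
    printf("fixed accepts forged signature:  %s\n",
           verify_fixed(msg, n, forged, 0x5a) == 0 ? "yes" : "no");
    return 0;
}
```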

  • by MadMacs0,

    MadMacs0 Feb 23, 2014 2:10 PM in response to egoreii
    Level 5 (4,791 points)

    egoreii wrote:

    Do I need to download & install the new security update fix for SSL connection?

    There is no update available for Mavericks yet. Watch for it and in the meanwhile:

    Do not use untrusted networks (especially WiFi) while traveling, until you can update the computer from a trusted network.

    On unpatched laptop devices, set “Ask to Join Networks” setting to OFF, which will prevent them from showing prompts to connect to untrusted networks.

  • by O3GdzLzQ6fU3udCs5NG8,

    O3GdzLzQ6fU3udCs5NG8 Feb 24, 2014 1:42 PM in response to MadMacs0
    Level 1 (25 points)

    Even on my locked down at home network the test pages to see if you have the flaw, still show Safari and other apps it mentions as unsecure, please fix. I'm using Chrome, which I hate for now. Wi-Fi is also disabled so I don't understand why the test pages for the vulnerability still show as unsafe?

    PS for some reason now iTunes won't let me sign in from my Mac, while I can from my patched iPhone/iPad. Weird.

  • by O3GdzLzQ6fU3udCs5NG8,

    O3GdzLzQ6fU3udCs5NG8 Feb 24, 2014 1:49 PM in response to O3GdzLzQ6fU3udCs5NG8
    Level 1 (25 points)

    Thanks for any input

  • by MadMacs0,

    MadMacs0 Feb 24, 2014 1:55 PM in response to O3GdzLzQ6fU3udCs5NG8
    Level 5 (4,791 points)

    blue5ft3 wrote:

    Wi-Fi is also disabled so I don't understand why the test pages for the vulnerability still show as unsafe?

    Doesn't matter whether you use wireless or wired, you are still vulnerable if you are using older versions of iOS 6 or 7 or OS X 10.9.x.

  • by Bob Worthingham,

    Bob Worthingham Feb 24, 2014 2:23 PM in response to MadMacs0
    Level 2 (299 points)

    This article confirms the OS version affected.

    http://arstechnica.com/security/2014/02/extremely-critical-crypto-flaw-in-ios-may-also-affect-fully-patched-macs/

    10.8 is not affected.  Only 10.9.

  • by O3GdzLzQ6fU3udCs5NG8,

    O3GdzLzQ6fU3udCs5NG8 Feb 24, 2014 2:34 PM in response to Bob Worthingham
    Level 1 (25 points)

    Thank You. So all of those saying that if I'm on my own Network at home which is locked down, makes using those apps safe, and that I would not be affected by the flaw are incorrect.  I APPRECIATE your help. Pardon me for sounding uninformed but this is new to me. I thought I'd use my patched iPad for email for now. Can I use CHROME to access icloud on my Mac or will the vulnerability affect that also.

  • by O3GdzLzQ6fU3udCs5NG8,

    O3GdzLzQ6fU3udCs5NG8 Feb 24, 2014 2:37 PM in response to MadMacs0
    Level 1 (25 points)

    Thank You. I knew I should have gone back to ML after all of the trouble Mavericks gave me installing it.

  • by MadMacs0,

    MadMacs0 Feb 24, 2014 2:49 PM in response to O3GdzLzQ6fU3udCs5NG8
    Level 5 (4,791 points)

    blue5ft3 wrote:

    So all of those saying that if I'm on my own Network at home which is locked down, makes using those apps safe, and that I would not be affected by the flaw are incorrect.

    You are jumping to conclusions here. It is correct to say that your OS has a flaw, but in order to exploit that flaw the perpetrator would have to be on your home network. So as long as it's locked down with a strong WPA-2 password that has not been compromised to the guy in the windowless van out front, you are perfectly safe at home.  The test site is warning you that your browser is not safe to take to a public network and that's all!

  • by O3GdzLzQ6fU3udCs5NG8,

    O3GdzLzQ6fU3udCs5NG8 Feb 24, 2014 2:56 PM in response to MadMacs0
    Level 1 (25 points)

    Thanks! That is what I had understood the case to be, but someone wrote that it did not matter if you are on Wi-fi or wired. My home network is secure as far as I know, locked down with only 2 of us using it. I appreciate your time and Thank You for your explanation. This was all new to me. Peace.

  • by MadMacs0,

    MadMacs0 Feb 24, 2014 3:03 PM in response to O3GdzLzQ6fU3udCs5NG8
    Level 5 (4,791 points)

    blue5ft3 wrote:

    Thanks! That is what I had understood the case to be, but someone wrote that it did not matter if you are on Wi-fi or wired.

    That was me and it's still true. You are vulnerable to attack from somebody on the same wired or wireless network.

    There are routers out there that have backdoors which could enable a hacker to do many things to the router and perhaps even join the network unnoticed, although I have not read any evidence of that.

    So far Airport Base Stations are not known to have such flaws, but there are many LinkSys and D-Link routers out there that are being found with multiple flaws in their firmware. I'm sure some are provided by well-meaning ISPs.

    I suspect that it would be much harder to penetrate your home network via the router than by using Wi-Fi, but then again they would not need to be in your neighborhood to break into your router. Anybody with the proper skills, anywhere in the world would be able to do that to a vulnerable router with the right software tools.

  • by O3GdzLzQ6fU3udCs5NG8,

    O3GdzLzQ6fU3udCs5NG8 Feb 24, 2014 3:12 PM in response to MadMacs0
    Level 1 (25 points)

    Thanks, I'll use Chrome until a fix is available then, and what do I do with my mail? Use my iPad I guess. Can I use iCloud safely or at all over Chrome? I don't like Chrome. I'm not an idiot, I can usually keep up with what needs doing but this is new to me. I do use the Airport Basestation. My husband and I are the only two on our locked down network, using the Airport Basestation. He never upgraded ? to Mavericks. I'll use his Mac lol.

    Thank You for your time and informative answers and help, my husband and I appreciate it greatly.

  • by MadMacs0,

    MadMacs0 Feb 24, 2014 3:20 PM in response to O3GdzLzQ6fU3udCs5NG8
    Level 5 (4,791 points)

    blue5ft3 wrote:

    Thanks, I'll use Chrome until a fix is available then, and what do I do with my mail? Use my iPad I guess

    Sorry, but it doesn't sound like I've adequately explained things. Exactly what are you concerned about? I think we've all said that you are going to be safe on an adequately secured home network, so is there any reason to think that you're not? Yes, your Mavericks software is vulnerable to attack, but only if somebody is on the same network that you are using at the time. I have not heard anything that would lead me to believe there is such a person.

  • by Romko15,

    Romko15 Feb 24, 2014 3:57 PM in response to MadMacs0
    Level 1 (0 points)

    Unfortunately I had to download Mavericks because my Yahoo mail wouldn't work right when they "improved" it, so now more problems. But, I just learned about this Apple "flaw" and I use Safari. Should I be real concerned, especially since I get to share my network with my landlord who doesn't know why the Wi-Fi never works properly anyway? I used to love my MAC, but in the last year ????? Or, should I use Firefox until Apple fixes the problem?
