Apple closes gaping 'gotofail' security hole for OS X

Apple finally issued a software update for OS X Mavericks, which will eliminate the "gotofail" security issue that left millions of Mac users vulnerable to unwanted spying and other types of attacks. The issue also plagued iOS 7 users' iPhones and iPads, but Apple resolved that issue recently as well.

The security hole left iPhones, iPads and Macs open to man-in-the-middle attacks from hackers, which would have allowed them to intercept and alter a user's data. That data normally would have headed to a secure, trusted service, meaning that the type of information left open to attack was highly sensitive. The OS X 10.9.2 software update also includes other vital security features for Mac users. Users of OS X Mountain Lion are also encouraged to download the update in order to protect their computers.

Safari, iCloud, Mail and other Apple-based applications were open to attacks prior to the software update because Apple's own SSL/TLS implementation accidentally included the line "goto fail" twice in a row, causing some encryption services to fail. This failure left users' sensitive data open to hackers, even though it was supposed to be securely encrypted. The error was only present in Apple's applications and Safari browser because they rely on this Apple-specific implementation. Chrome and Firefox were not affected by the issue.
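How a repeated line can silently disable a check is easiest to see in a reduced C model. This is an added example, not Apple's code: the function names and the two stand-in checks are hypothetical, and a return value of 0 is assumed to mean "accepted".

```c
#include <stdio.h>

/* Hypothetical stand-ins for real checks; 0 = success, nonzero = error. */
static int step_hash(int ok)          { return ok ? 0 : -1; }
static int step_verify(int sig_valid) { return sig_valid ? 0 : -1; }

/* Flawed: only the first goto belongs to the if. The duplicated one runs
 * unconditionally, so step_verify() is never reached and err is still 0. */
int verify_flawed(int hash_ok, int sig_valid)
{
    int err;

    if ((err = step_hash(hash_ok)) != 0)
        goto fail;
        goto fail;      /* duplicated line, not guarded by the if above */
    if ((err = step_verify(sig_valid)) != 0)
        goto fail;

fail:
    return err;         /* 0 is reported even for an invalid signature */
}

/* Hardened: braces on every branch, so a stray duplicate stays inside the
 * guarded block and the final check always executes. */
int verify_fixed(int hash_ok, int sig_valid)
{
    int err;

    if ((err = step_hash(hash_ok)) != 0) {
        goto fail;
    }
    if ((err = step_verify(sig_valid)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    printf("flawed, invalid signature -> %d\n", verify_flawed(1, 0));
    printf("fixed,  invalid signature -> %d\n", verify_fixed(1, 0));
    return 0;
}
```

Compiler warnings for misleading indentation and unreachable code flag this pattern at build time, as does a test that feeds the verifier a deliberately invalid signature.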

Aldo Cortesi, a New Zealand security consultant, recognized the issue and was astounded that the problem was not fixed sooner.

"It's difficult to over-state the seriousness of this issue. With a tool like mitmproxy in the right position, an attacker can intercept, view and modify nearly all sensitive traffic," he said.

Apple moved quickly to patch up the problem for iOS users, but took much longer to issue the security update for OS X Mavericks. Many tech pundits and security analysts have expressed outrage over the delays, some going so far as to say that Apple is not serious about its users' security.

Although Apple was among the tech companies that pressured President Barack Obama to curb the spying power of the NSA, this huge security flap has led many to believe that Apple's promise to keep users' data secure is insincere. Apple's closed system typically ensures the safety of its users on iOS and OS X, but sometimes that system will inevitably fail and the company is responsible for fixing the problems quickly. In recent years, Apple has been fast to act when issues arise on iOS, but rather slow to respond when problems pop up on OS X.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.