Apple Mac OS X Maverick 10.9.2 update has been released to patch SSL bug that allows a hacker to bypass key verification routines. Anyone who has enough knowledge to do this can get access to almost all encrypted traffic in a computer.
The Secure Sockets Layers (SSL) bug, which was unpatched since the release of iOS 6 in 2012, dwells in a certain open source code utilized by Apple. Additionally, it doesn't just affect Apple's Web browser Safari, but all other installed application that use encrypted channels to the Internet, ZDNet reported Tuesday.
"Nearly all encrypted traffic, including usernames, passwords, and even Apple app updates can be captured," said Aldo Cortesi, who has successfully captured iCloud data, as well as KeyChain enrolment and updates. Cortesi is the CEO and founder of security consultancy firm Nullcube.
Third-party browsers like Firefox and Chrome, on the other hand, are not affected as they use different SSL/TLS implementations.
The 460-megabyte update, aside from the SSL bug fix, also offers other fixes and a set of new features to Maverick users.
After installing the update, "call waiting" feature and audio calls for FaceTime, as well as message blocking for iMessages will automatically be added. Furthermore, the update enhances VoiceOver navigation in Mail and Finder, improves AutoFill in Safari, fixes a sound problem on Mac, and repairs a VPN issue.
The fix for the affected iOS users was released last week; however, it not available to those using earlier versions of the iOS.
Users of the affected operating systems are highly advised to install the update as soon as possible to protect themselves against critical vulnerabilities.
"The OS X Mavericks v10.9.2 Update is recommended for all OS X Mavericks users. It improves the stability, compatibility, and security of your Mac," said Apple in its website.
