Reasons for delay in SSL fix to OS X unclear as a single line of code found responsible
Update: Apple issued OS X 10.9.2 the following day, which included a fix for the SSL bug.
After Apple fixed the SSL bug in iOS, it’s unclear why three days have passed without an OS X fix after it was revealed by Reuters that the vulnerability was created by an error in a single line of code.
The problem lies in the way the software recognizes the digital certificates used by banking sites, Google’s Gmail service, Facebook and others to establish encrypted connections. A single line in the program and an omitted bracket meant that those certificates were not authenticated at all, so that hackers can impersonate the website being sought and capture all the electronic traffic before passing it along to the real site.
As the bug is in Apple’s SSL authentication code, it leaves a whole range of apps vulnerable, not just Safari …
Expand
Expanding
Close