Apple Patches Its 'Gotofail' Security Bug For OSX After Four Days Of Anger

Posted: Feb 25 2014, 1:01pm CST | Updated: Feb 25 2014, 1:42pm CST, in News | Apple

 

After a very long four days of snowballing criticism by the security community, Apple has fixed the critical security flaw in its software dubbed “gotofail,” which threatened to allow any untrusted network to disable the encryption on users’ communications.

The patch, released for OSX Tuesday, follows a similar update for iOS last Friday that first alerted security researchers to the bug. That earlier patch was quickly reverse engineered to reveal the source of the flaw–and the fact that the vulnerability also existed in Apple’s desktop software, with no patch available.

A description of the update on Apple’s website makes no mention of the security problem it fixes, instead focusing on updated features of Apple software like Facetime and iMessage. But an email from Apple spokesperson Ryan James adds that the updates also “address the recent SSL encryption issue for both Mavericks and Mountain Lion.”

Apple had taken flak for exposing the critical vulnerability in its own software–which potentially affected Mail, Facetime, iMessage, Software Update and more–and then having no fix immediately available. “Come the hell on, Apple,” wrote one former Apple security engineer in a strongly-worded blog post. “You just dropped an ugly [zero-day vulnerability] on us and then went home for the weekend – goto fail indeed.”

Apple was also criticized for waiting for an update to OSX that included other features rather than pushing out an emergency fix for its security crisis. “Apple should patch #gotofail [encryption] bug as soon as possible, not bundle it in a 10.9.2 release with new features,” wrote Center For Democracy and Technology privacy researcher Runa Sandvik on Twitter.

Despite the growing backlash, Apple issued no warning to users about the flaw in OSX, leaving them to search for workarounds and unofficial patches. Its patch will be a welcome relief to millions of worried users. But the anger from four days of waiting for it with no word from Apple may take longer than four days to dissipate.



Source: Forbes
