An open community 
of Macintosh users,
for Macintosh users.

#28217 - 02/25/14 02:05 AM Big Apple boo-boo ...
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
... in more ways than one.

Apple rushes to fix glaring security flaw: 'As bad as you could imagine'

Why is this just now coming to light — especially in this forum?!

And what's the best way of protecting one's online time?

#28219 - 02/25/14 02:25 AM Re: Big Apple boo-boo ... [Re: grelber]
artie505 Online


Registered: 08/04/09
I found out about it earlier, here.

I'm running DNSCrypt, and my deuced Mac(hina) passes the test to which the article links.

Edit: Nope! I just turned DNSC off and quit/relaunched Safari, and I'm still "protected". (Safari 5.1.10)

Hmmm... I dunno. confused


Edited by artie505 (02/25/14 04:54 AM)
Edit Reason: Edit & Add link
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#28220 - 02/25/14 02:47 AM Re: Big Apple boo-boo ... [Re: artie505]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Merci, artie.

I'm running Firefox and according to https://gotofail.com/ it's safe. Hotcha!

#28221 - 02/25/14 04:43 AM Re: Big Apple boo-boo ... [Re: grelber]
artie505 Online


Registered: 08/04/09
Per the CNET article: "Therefore, until a fix is released you might consider downloading and using Firefox, which has been deemed safe from this bug."
#28226 - 02/25/14 09:02 AM Re: Big Apple boo-boo ... [Re: grelber]
Ira L Offline


Registered: 08/13/09
Loc: California
Other articles have pointed out that to exploit the bug, someone must be on the same local network as you. The article advised caution with (i.e., avoid!) free access networks and local hotspots.

If you really want to be paranoid, check out this article, which talks about the proof-of-concept malicious app that can unknowingly record screen taps on your iDevice.
_________________________
On a Mac since 1984.
Currently: 27" iMacs, MacBook Air, macOS 10.14.x; iPhones, iPods and iPads galore!

#28227 - 02/25/14 10:22 AM Re: Big Apple boo-boo ... [Re: Ira L]
dkmarsh Offline
Moderator

Registered: 08/04/09

In the rush to tout the severity of the bug, it appears that the tech media generally have done a poor job of explaining the issues.

First, it's not a flaw in Safari; it's a flaw in the handling of SSL by multiple Apple apps, including Mail. Changing browsers removes the vulnerability only when browsing, but an unpatched system is still vulnerable through these other apps.

Second, with respect to OS X, only systems running Mavericks—10.9.1 or 10.9.2—are affected. You folks on Snow Leopard, Lion or Mountain Lion are unaffected, and the 10.9.2 update patches the problem for Mavericks users.

Third, the vulnerability, as Ira points out, is limited to shared networks. That's a big deal with mobile devices, but not quite as wide an exposure for those of us using Macs on private networks in our homes.
_________________________

dkmarsh • member, FineTunedMac Co-op Board of Directors

#28228 - 02/25/14 10:39 AM Re: Big Apple boo-boo ... [Re: dkmarsh]
grelber Offline


Registered: 08/05/09
Loc: North of 49th ||
Security updates for OS X (Mavericks 10.9.x, Mountain Lion 10.8.x, Lion 10.7.x) are now available on the Apple Support website.

#28229 - 02/25/14 12:01 PM Re: Big Apple boo-boo ... [Re: grelber]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: grelber
Security updates for OS X (Mavericks 10.9.x, Mountain Lion 10.8.x, Lion 10.7.x) are now available on the Apple Support website.

…and the App Store
_________________________
joemikeb • moderator
