![]() ![]() ![]() Meanwhile, someone's set up a website called, a reference to the C code bug at the heart of the problem, so that users can check whether their web browsers running on OS X 10.9.1 are vulnerable. "We are aware of this issue and already have a software fix that will be released very soon," Apple spokeswoman Trudy Muller told Reuters this weekend regarding the SSL certificate validation bug in OS X 10.9.1. OS X apps vulnerable to the #gotofail SSL bug: Calendar, FaceTime, Keynote, Mail, Twitter, iBooks, Software Update: /ys5NF2nR8U Unfortunately, several apps are using version 55471: produces no results because Apple's SSH (which declares itself to be SSH-2.0-OpenSSH_6.2) uses version 55456 of Apple's Security framework library. Apple's broken SSL library is version 55471, so grepping for that number from otool's output will reveal whether the program is using the knackered Security framework. Tech-savvy users can use the otool command-line utility to determine whether an application is vulnerable by inspecting the libraries it loads. Google Chrome and Mozilla Firefox are not vulnerable because they don't use the busted SSL library. In the menu that appears, choose the System Preferences option. To get there, click the Apple icon in the top-left corner of the screen. Apple's Safari web browser and Mail client running on OS X 10.9.1 are vulnerable to SSL snoopers because they rely on the broken crypto-library other Cupertino apps such as Facetime and iMessage, and third-party programs using Apple's crocked code, are all faulty as well. To update Safari, you’ll have to use the Software Update feature in System Preferences. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |