Apple has finally rolled out a fix for the security vulnerability on Mac OS X. The security flaw, which has come to be known as “gotofail” allowed for a man in the middle attack on unsecure networks. The attacker would be able to send a fake verification to the client, and potentially hijack traffic. Some of the affected apps were iMessage, Mail, and Facetime.
The issue lay hidden in Apple’s SSL implementation, where apparently a goto statement had been used improperly, resulting in the security issue. This fix comes not long after a similar fix was distributed last Friday for the same problem on iOS devices.
Apple has received criticism for two of their choices made on handling this issue. When Apple first admitted there was an issue, they had no fix readily available for OS X. Secondly, once a fix was found, Apple decided not to release it immediately, but wait and bundle it with the 10.9.2 release. Furthermore, Apple did not mention this security update in the patch notes.