Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Apple Patches Critical OS X 'Gotofail' Security Hole

The so-called "gotofail" flaw could let an attacker on the same network as a victim eavesdrop on all user activity.

By Angela Moscaritolo
February 25, 2014
Apple logo

Apple on Tuesday issued an update for OS X that fixes a serious SSL security hole the company already fixed in its iOS devices late last week.

The so-called "gotofail" flaw, which stemmed from an extra line accidentally added in Apple's source code, could let an attacker on the same network as a victim eavesdrop on all user activity. Apple on Friday pushed out an update for the iPhone, iPad, and iPod touch, but experts warned that Mac desktops and laptops were still at risk.

Tuesday's security update, OS X version 10.9.2, fixes the bug in both OS X Mavericks and the older Mountain Lion; older versions of Mac OS X are not believed to be affected. To get the update, head to your Mac's Apple menu and select Software Update. Users should install the update as soon as possible.

Apple did not reveal too much information about the problem, though experts who have studied the bug said hackers could launch man in the middle attacks to intercept messages as they pass from a user's device to trusted sites like Gmail, Facebook, or even online banking.

"An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS," Apple said in its original advisory.

Besides just patching the scary SSL bug, the update includes a number of other security and stability improvements for Mail, Safari, and iMessage, as well as the ability to make and receive FaceTime audio calls on your Mac. There's also call waiting support for FaceTime audio and video calls, and the ability to block iMessages from individual senders.

For more, check out PCMag Live in the video below, which discusses Apple's security flaw.

Get Our Best Stories!

Sign up for What's New Now to get our top stories delivered to your inbox every morning.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Angela Moscaritolo

Managing Editor, Consumer Electronics

I'm PCMag's managing editor for consumer electronics, overseeing an experienced team of analysts covering smart home, home entertainment, wearables, fitness and health tech, and various other product categories. I have been with PCMag for more than 10 years, and in that time have written more than 6,000 articles and reviews for the site. I previously served as an analyst focused on smart home and wearable devices, and before that I was a reporter covering consumer tech news. I'm also a yoga instructor, and have been actively teaching group and private classes for nearly a decade. 

Prior to joining PCMag, I was a reporter for SC Magazine, focusing on hackers and computer security. I earned a BS in journalism from West Virginia University, and started my career writing for newspapers in New Jersey, Pennsylvania, and West Virginia.

Read Angela's full bio

Read the latest from Angela Moscaritolo