Apple Patches GoToFail Flaw with OS X 10.9.2 Update

Apple has released OS X 10.9.2, an update to its Mac operating system, but curiously and currently there is no specific mention of whether or not this update addresses the GoToFail security flaw beyond the typical “contains improvements to the stability, compatibility, and security of your Mac.” Most sources on the Internet are saying that this does address that security flaw and at least one source says that they have checked with Apple and this update does indeed patch the hole. That security webpage for the update is headed with the disclaimer listed below.

For the protection of our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

That info may be updated as the day moves along. For now, the update is available through the Mac App Store and here is a list of what Apple is saying is available in the update.

About the update

The OS X Mavericks v10.9.2 Update is recommended for all OS X Mavericks users. It improves the stability, compatibility, and security of your Mac. This update:

• Adds the ability to make and receive FaceTime audio calls
• Adds call waiting support for FaceTime audio and video calls
• Adds the ability to block incoming iMessages from individual senders
• Includes general improvements to the stability and compatibility of Mail
• Improves the accuracy of unread counts in Mail
• Resolves an issue that prevented Mail from receiving new messages from certain providers
• Improves AutoFill compatibility in Safari
• Fixes an issue that may cause audio distortion on certain Macs
• Improves reliability when connecting to a file server using SMB2
• Fixes an issue that may cause VPN connections to disconnect
• Improves VoiceOver navigation in Mail and Finder
• Improves VoiceOver reliability when navigating websites
• Improves compatibility with Gmail Archive mailboxes
• Includes improvements to Gmail labels
• Improves Safari browsing and Software Update installation when using an authenticated web proxy
• Fixes an issue that could cause the Mac App Store to offer updates for apps that are already up to date
• Improves the reliability of diskless NetBoot service in OS X Server
• Fixes braille driver support for specific HandyTech displays
• Resolves an issue when using Safe Boot with some systems
• Improves ExpressCard compatibility for some MacBook Pro 2010 models
• Resolves an issue which prevented printing to printers shared by Windows XP
• Resolves an issue with Keychain that could cause repeated prompts to unlock the Local Items keychain
• Fixes an issue that could prevent certain preference panes from opening in System Preferences
• Fixes an issue that may prevent migration from completing while in Setup Assistant

For detailed information about the security content of this update, see Apple security updates.

It has been four days since we first heard of a major security flaw in OS X Mavericks and versions of the iOS operating systems that became known as the GoToFail flaw for an errant duplicate goto FAIL command that skipped over SSL encryption routines. iOS 6 and 7 were patched on Friday, and Apple promised an update “very soon” for Mavericks. Looks like “very soon” is today. I’m sure we’ll hear from some of the security researchers who have been providing information on the GoToFail update sooner enough.

Users are encouraged to download the update which is now available in the Mac App Store. 

UPDATE: If you want to know if you’re secure or not you might want to head to gotofail.com and run the test. After patching my MacBook Pro I got a passing grade.