Apple Updates Open Source SSL in Mac OS X 10.8.4 Update
Page 1 of 1
The Apple Mac OS X 10.8.4 update and once again, security is a big focus in the update, with patches for over 55 vulnerabilities.
One of the largest buckets of fixes is found in the open source OpenSSL packages for OS X, with at least 12 vulnerabilities being fixed. Among the OpenSSL fixes is one for the CRIME SSL attack that was first publicly disclosed in September of 2012. The attack could have potentially enabled an attacker to decrypt SSL content. The CRIME SSL attack is the successor to the BEAST SSL attack that was first reported in September of 2011.
"There were known attacks on the confidentiality of TLS 1.0 when compression was enabled," Apple's advisory states. "This issue was addressed by disabling compression in OpenSSL."