Re: [Fed-Talk] Snow Leopard security update article
- Subject: Re: [Fed-Talk] Snow Leopard security update article
- From: Ron Colvin <email@hidden>
- Date: Thu, 27 Feb 2014 13:49:19 -0500
The Security update seemed clear and syncs with all of the details
reported that this is an issue that was introduced as part of
replacing OpenSSL and was present only in iOS6, iOS7 and 10.9.
https://support.apple.com/kb/HT6150
Data Security
Available for: OS X Mavericks 10.9 and 10.9.1
Impact: An attacker with a privileged network position may capture
or modify data in sessions protected by SSL/TLS
Description: Secure Transport failed to validate the authenticity of
the connection. This issue was addressed by restoring missing
validation steps.
CVE-ID
CVE-2014-1266
On 2/27/14 1:38 PM, Todd Heberlein wrote:
Probably nothing too surprising for this audience, but I
thought I’d pass it along. (FWIW, I’m not even sure if Snow
Leopard has the MiTM vulnerability)
On a side note though, I had a customer who needed some
custom tweaks to Audit Explorer for Snow Leopard. I couldn’t
even figure out how to compile binaries for Snow Leopard on the
current version of Xcode.
Apple retires Snow Leopard from support, leaves 1 in 5
Macs vulnerable to attacks
Apple on Tuesday made it clear that it will no longer patch
OS X 10.6, aka Snow Leopard, when it again declined to offer a
security update for the four-and-a-half-year-old operating
system.
As Apple issued an update for Mavericks, or OS X 10.9, as well
as for its two predecessors, Mountain Lion (10.8) and Lion
(10.7), Apple had nothing for Snow Leopard or its owners
yesterday.
Todd
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
--
********************************************************
Ron Colvin CISSP, CAP, CEH
Certified Security Analyst
NASA - Goddard Space Flight Center
<email@hidden>
Direct phone 301-286-2451
NASA Jabber (email@hidden) AIM rcolvin13
NASA LCS (email@hidden)
********************************************************