This article originally appeared in TidBITS on 2014-02-25 at 12:20 p.m.
The permanent URL for this article is: http://tidbits.com/article/14544

10.9.2 Fixes Critical SSL Security Bug, Adds FaceTime Audio

by Josh Centers

Apple has released OS X Mavericks 10.9.2 Update [1], which finally brings to the Mac FaceTime audio, introduced in iOS 7 back in September 2013, and fixes a nasty security vulnerability in SSL/TLS (see “Apple Updates iOS and Apple TV to Fix Critical SSL Security Bug [2],” 24 February 2014). If you’re using Mavericks, we strongly encourage you to install the free update, either via Software Update (460 MB) or from Apple’s Support Downloads site [3] (733 MB). If you skipped the 10.9.1 update, you can also grab a combo update [4] (859.7 MB) to upgrade directly from 10.9 to 10.9.2.

[image link] [5]

The SSL/TLS bug was caused by a faulty “goto” line that prevented iOS 6 and 7 and OS X 10.9.1 Mavericks from checking signatures in TLS Server Key Exchange messages. That could have allowed attackers to use man-in-the-middle attacks to spoof SSL-protected sites. According to Apple’s security notes, the vulnerability does not affect 10.8 Mountain Lion and earlier versions of Mac OS X. Although the SSL/TLS bug was particularly important to address, 10.9.2 also patches numerous vulnerabilities in app sandboxing, ACLs in the Finder, font handling, image display, Nvidia drivers, Quick Look, QuickTime, and the system clock, along with the Apache Web server, curl data transfer tool, and PHP scripting language.
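The control-flow pattern behind a bug of this kind, shown as an added C example that is not Apple's source code and not part of the original article: a stray unconditional goto jumps past the signature check while the error code is still zero. The struct and function names are hypothetical stand-ins for the handshake steps.

```c
/* Constructed stand-ins for handshake steps; hypothetical names, not Apple's code. */
typedef struct {
    int hash_ok;      /* 1 = hashing the signed parameters succeeded */
    int signature_ok; /* 1 = server's signature over them is valid   */
} key_exchange_t;

static int hash_params(const key_exchange_t *kx)      { return kx->hash_ok ? 0 : -1; }
static int verify_signature(const key_exchange_t *kx) { return kx->signature_ok ? 0 : -1; }

/* Flawed: the second goto is not guarded by the if, so it always runs.
 * err is still 0 from the successful hash step, verify_signature() is
 * never called, and the caller sees "success" for any signature. */
int check_key_exchange_flawed(const key_exchange_t *kx)
{
    int err;

    if ((err = hash_params(kx)) != 0)
        goto fail;
        goto fail; /* stray duplicate line */
    if ((err = verify_signature(kx)) != 0)
        goto fail;

fail:
    return err;
}

/* Corrected: braces on every branch make a stray statement visibly
 * unguarded, and err is initialised to a failure value (fail closed). */
int check_key_exchange_fixed(const key_exchange_t *kx)
{
    int err = -1;

    if ((err = hash_params(kx)) != 0) {
        goto fail;
    }
    if ((err = verify_signature(kx)) != 0) {
        goto fail;
    }

fail:
    return err;
}
```

Compiler diagnostics catch this pattern: clang's `-Wunreachable-code` reports the signature check as dead code, and GCC's `-Wmisleading-indentation` flags the unguarded line.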

To place FaceTime Audio calls to fellow 10.9.2 users or users of iOS 7, open the FaceTime app, and then either click the phone handset icon next to a contact’s name or click a contact’s name and click FaceTime Audio. You now also have the option to activate call waiting for both FaceTime audio and video calls.

[image link] [7]

In another welcome addition, Messages in 10.9.2 now lets you block iMessages from specific senders. To do so, choose Messages > Preferences, select the Accounts tab, and then click Blocked in the right pane. Once there, you see a list of blocked senders, which you can edit with the plus and minus buttons.

[image link] [8]

Happily, 10.9.2 claims a number of improvements to Mail, including more accurate unread counts, a fix for a bug that prevented Mail from receiving new messages from certain email providers, better compatibility with Gmail Archive mailboxes, improvements to Gmail labels, and “general improvements to the stability and compatibility of Mail.” Joe Kissell has more to say about this in “Mail Improvements in OS X 10.9.2 [9]” (25 February 2014).

Also included in 10.9.2 is Safari 7.0.2, which improves AutoFill compatibility and browsing when using an authenticated Web proxy, and fixes a WebKit vulnerability that could lead to arbitrary code execution.

Although the security fixes, FaceTime Audio additions, and iMessage sender blocking are the main reasons to move from previous versions of Mavericks to 10.9.2 — which we highly recommend! — the update also:

[1]: http://support.apple.com/kb/HT6114
[2]: http://tidbits.com/article/14537
[3]: http://support.apple.com/kb/DL1725
[4]: http://support.apple.com/kb/DL1726
[5]: http://tidbits.com/resources/2014-02/Mavericks-logo.png
[6]: http://support.apple.com/kb/HT6150
[7]: http://tidbits.com/resources/2014-02/FaceTime-Audio-Mavericks.png
[8]: http://tidbits.com/resources/2014-02/Mavericks-Messages-block.png
[9]: http://tidbits.com/article/14547