Skip to content
Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals
9 comments

10.9.2 Fixes Critical SSL Security Bug, Adds FaceTime Audio

Apple has released OS X Mavericks 10.9.2 Update, which finally brings to the Mac FaceTime audio, introduced in iOS 7 back in September 2013, and fixes a nasty security vulnerability in SSL/TLS (see “Apple Updates iOS and Apple TV to Fix Critical SSL Security Bug,” 24 February 2014). If you’re using Mavericks, we strongly encourage you to install the free update, either via Software Update (460 MB) or from Apple’s Support Downloads site (733 MB). If you skipped the 10.9.1 update, you can also grab a combo update (859.7 MB) to upgrade directly from 10.9 to 10.9.2.


The SSL/TLS bug was caused by a faulty “goto” line, which prevented iOS 6 and 7 and OS X 10.9.1 Mavericks from checking signatures in TLS Server Key Exchange messages, which could have allowed attackers to use man-in-the-middle attacks to spoof SSL-protected sites. According to Apple’s security notes, the vulnerability does not affect 10.8 Mountain Lion and earlier versions of Mac OS X. Although the SSL/TLS bug was particularly important to address, 10.9.2 also patches numerous vulnerabilities in app sandboxing, ACLs in the Finder, font handling, image display, Nvidia drivers, Quick Look, QuickTime, and the system clock, along with the Apache Web server, curl data transfer tool, and PHP scripting language.

To place FaceTime Audio calls to fellow 10.9.2 users or users of iOS 7, open the FaceTime app, and then either click the phone handset icon next to a contact’s name or click a contact’s name and click FaceTime Audio. You now also have the option to activate call waiting for both FaceTime audio and video calls.


In another welcome addition, Messages in 10.9.2 now lets you block iMessages from specific senders. To do so, choose Messages > Preferences, select the Accounts tab, and then click Blocked in the right pane. Once there, you see a list of blocked senders, which you can edit with the plus and minus buttons.

Image

Happily, 10.9.2 claims a number of improvements to Mail, including more accurate unread counts, a fix for a bug that prevented Mail from receiving new messages from certain email providers, better compatibility with Gmail Archive mailboxes, improvements to Gmail labels, and “general improvements to the stability and compatibility of Mail.” Joe Kissell has more to say about this in “Mail Improvements in OS X 10.9.2” (25 February 2014).

Also included in 10.9.2 is Safari 7.0.2, which improves AutoFill compatibility and browsing when using an authenticated Web proxy, and fixes a WebKit vulnerability that could lead to arbitrary code execution.

Although the security fixes, FaceTime Audio additions, and iMessage sender blocking are the main reasons to move from previous versions of Mavericks to 10.9.2 — which we highly recommend! — the update also:

  • Fixes an issue that may cause audio distortion on certain Macs
  • Improves reliability when connecting to a file server using SMB2
  • Fixes an issue that may cause VPN connections to disconnect
  • Improves VoiceOver navigation in Mail and Finder
  • Improves VoiceOver reliability when navigating Web sites
  • Improves Software Update installation when using an authenticated Web proxy
  • Fixes an issue that could cause the Mac App Store to offer updates for apps that are already up to date
  • Improves the reliability of diskless NetBoot service in OS X Server
  • Fixes braille driver support for specific HandyTech displays
  • Resolves an issue when using Safe Boot with some systems
  • Improves ExpressCard compatibility for some MacBook Pro 2010 models
  • Resolves an issue which prevented printing to printers shared by Windows XP
  • Resolves an issue with Keychain that could cause repeated prompts to unlock the Local Items keychain
  • Fixes an issue that could prevent certain preference panes from opening in System Preferences
  • Fixes an issue that may prevent migration from completing while in Setup Assistant
  • Provides a fix for SSL connection verification

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For 28 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

Comments About 10.9.2 Fixes Critical SSL Security Bug, Adds FaceTime Audio