University of Vermont

Information Technology

Update Your Mac, iPhone, iPad, and iPod Now

Fix Released for Serious Security Issue

Update, Feb. 26, 2014:  Apple has released critical security updates for Macintoshes, iPhones, iPads, and iPods.  The UVM Information Security Office encourages immediate installation of these updates. How to do it:

Macintosh: Open the App Store, and click on Updates. Install the security update and any other MacOS updates that are shown.

iPhones, iPads, and iPods: Tap Settings > General > Software Update

------------------------------------------------------------------------------------------------

Original Story, Feb. 24, 2014:

A serious security flaw has been found in the operating software for iPhones and iPads (iOS devices) as well as for Macintosh (MacOS) computers.  Apple has released a fix for iOS, but there is no fix yet for MacOS.

This advice from Gozmodo suggests reasonable precautions to take, especially the last two sentences:

If you're on an iOS device, you need to download [update] 7.0.6 immediately. If you've got a 3GS or an old iPod touch, you can download iOS 6.1.6 instead. And if you were looking for an indication of just how seriously Apple is taking this, the fact that they're supporting an iOS version that they are incredibly eager to phase out should be as good an indicator as any.

So far, though, you're out of luck if you're on OS X. The vulnerability is still there, and now that it's been widely publicized, bad guys are going to be keen to take advantage while they can. There's an unofficial patch floating out there, but please know that it's not for beginners.

Your best option in the meantime is to use Chrome or Firefox, which aren't affected on OS X. Also make sure you stay on secured networks, and if you do wind up on a shared network to play it smart (no financial info, no transactions, no personal details). That's a good rule of thumb generally, but especially important until this is made right.


For protection when using MacOS on untrusted networks (the airport, the coffee shop, etc.), the AnyConnect VPN (without the split tunnel option) provides some protection between you and UVM.  

For more information, search the web for "apple ssl", or please see:

Apple quietly issues iOS update to patch faulty SSL authentication (update 2: OS X patch coming)

Apple Planning Fix for OS X SSL Bug as New Research Reveals iMessage, Other Apps Affected

Understanding Apple's SSL/TLS Bug

 

 

 

Contact UVM © 2014 The University of Vermont - Burlington, VT 05405 - (802) 656-3131