It transpires that any application that uses the Apple security library (like, err, Safari and Mail) pre-10.9.2 (released on Tuesday 25 February 2014) is vulnerable to a man-in-the-middle attack because of a coding error in the library.
What does this mean to you? It means that malicious types could intercept your traffic and snaffle your bank account details, your letters of undying love to Margaret Thatcher or your subscription details to railway magazine.
Seriously, this is bad news. Nobody really knows how long this has been known, by whom, or how it came to exist in the first place (mwahahaha).
To further compound this misery, it appears that Apple has pulled support for OS X Snow Leopard, only in use on 20 percent of Macintosh machines currently, no biggy. There were no security updates for Snow Leopard in the last two rounds of patching.
What can you do about this? Obviously it is imperative that you patch personal machines and absolutely mandate that BYOD/CYOD and corporate Macs (if you have them) are patched. We recommend that you deploy Network Access Control systems (our pick is ForeScout) to identify non-compliant machines connected to your infrastructure and enforce remediation, or leave them out in the cold and damp until they are patched.
You should also mandate that OS X machines run Anti-Virus, also enforced by NAC systems. We have no hesitation in recommending the Anti-Virus system from Sophos, which is available free of charge for personal use. You can download it here: http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
Security issues, dropping support for operating systems. Does this remind you of another operating system provider? What goes up must come down, as Isaac Newton realised when an Apple fell on his head. Get patching and implement Anti-Virus.
If you would like to discuss this or any other fruity security issues, please contact us on: