Stefan Esser offers patch for critical encryption bug in OS X Mavericks
A German security company has released an unauthorized patch for Apple's OS X Mavericks that it claimed closes the hole the Cupertino, Calif. giant left wide open in the operating system's implementation of basic Internet encryption.
Cologne, Germany-based SektionEins GmbH published the patch on Saturday, the day after Apple updated its iOS 7 and iOS 6 mobile operating systems to fix a flaw in their handling of SSL (secure socket layer) and TLS (transport layer security). Those protocols create an encrypted connection between a personal computer and a server -- such as one at Amazon.com -- so that snoopers cannot read the traffic and extract information like credit card numbers or log-in credentials.
According to many security researchers, SektionEins' (which translates to "SectionOne" in English) among them, OS X Mavericks contains the same critical vulnerability. SektionEins' blog detailed the flaw in Mavericks and provided a link to the unofficial patch.