Feb 14

SSL Security Patch for iOS and Mac OSX 10.9

Apple has issued patches for a very serious security hole that affects OSX 10.9 (Mavericks) and iOS devices (iPhones, iPods, iPads, Apple TV). You can test if you’re affected by browsing to this test site.

The patch for Mac OSX 10.9 users is to upgrade to 10.9.2. You can do that through Apple Menu/Software Update or downloading and installing the 10.9.2 Combo Updater. Note that either way you’ll have to restart your machine.
The patch for iOS devices can be found by upgrading to iOS 7.0.6 or 6.1.6 in the System Settings/General/Updates settings. Note that devices that can run iOS 7 but are still on iOS 6 may have to go to iOS7 to get the fix. Yes, that is annoying, as some of us have avoided it on our older iPhones etc since it can make the devices run slower.

I recommend doing this soon as you can.


Feb 13

Disable Java

Really, at this point if you want to secure your Mac you ought to disable Java in the browser (if you use it at all–unfortunately Adobe CS suite still requires it) and make sure you’re running the latest Adobe Flash plugins. This helpful article in Slate explains the steps in disabling the Java browser plugin (the dangerous vector for the current Java-targeting malware).

To unplug Java:

  • In Firefox, select “Tools” from the main menu, then “Add-ons,” then click the “Disable” button next to any Java plug-ins.
  • In Safari, click “Safari” in the main menu bar, then “Preferences,” then select the “Security” tab and uncheck the button next to “Enable Java.”
  • In Chrome, type or copy “Chrome://Plugins” into your browser’s address bar, then click the “Disable” button below any Java plug-ins.

Disabling the browser plugin will still allow you to run Adobe CS, but will shut down the ability to get infected by visiting a website.

Might I also recommend AdBlock Plus add on to Firefox to keep Flash from running automatically?

Also everyone please run security updates from Software Update. Recommend going under Apple Menu/Software Update and checking for updates now.