[<prev] [next>] [day] [month] [year] [list]
Message-Id: <BD85542E-AE51-4BD9-ABC3-1B8EAD300E07@lists.apple.com>
Date: Thu, 16 Oct 2014 17:08:47 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2014-10-16-2 Security Update 2014-005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-10-16-2 Security Update 2014-005
Security Update 2014-005 is now available and addresses the
following:
Secure Transport
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 when a cipher suite uses a block cipher in CBC mode. An attacker
could force the use of SSL 3.0, even when the server would support a
better TLS version, by blocking TLS 1.0 and higher connection
attempts. This issue was addressed by disabling CBC cipher suites
when TLS connection attempts fail.
CVE-ID
CVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of
Google Security Team
Note: Security Update 2014-005 includes the security content of
OS X bash Update 1.0. For further details see
https://support.apple.com/kb/HT6495
Security Update 2014-005 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJUQCI2AAoJEBcWfLTuOo7t5ygP/0l9VIBlR7Q6ocMRSB61+2uN
adB6UoEcmJCkUwmEAWOlVT0GlrtV+h2FbQGSKAkiDK5b7+E9UfX8UXneyaV4MWbj
BFDVFt/R0RRYpuojfmhNvMP+p7TFA1QsaHAUrWBtBomJ1+326YIhXBtWMIbVRGHC
S4OZgVbwSnyeJ3o74ftr+CcMu9PFXOMDj0Sdv6rb5af9vkNjfocp8J4El2psr3fO
Ari7bJNSQL2D2ZeGxR7aYu8JMdKQ7N0vnF/c24/z7zd3AgoLQLXsg6F0wI45vRNi
PxvmIAJ217qOva/4XRwve/YdxlpmYRwpkTXTDn7nMyTXsrtUm4PVumxKJJEScYmc
bU9Ckw1CUEQdcd883aB0NgLkf5LTPzsih+ak6xRzElp3QbmnPQ2y0GrnwryXQgLI
KEFrhFCkru7RPaPhXGpeqNB25iT99Rp6rc1w/LvhhZiEArBKyVwdWPAwt4ZAMBQY
UKZYYi6rQKEf+Tf5REoUv9OZCQFYFiuK6/5J/mAcKsZUN6+hxFRrNeq3Kg4GNMnS
v8T8Z0Z5IXbDBdptF6aSYI3sQYkvHob4ujAKxSLFJk9WJOl6y3/TIwGN5eTRxA0K
I+ZXxp9H0tDyHwIgGw/d9FWeW56mTqlcln5M5+V2jphi1h/0EqK70YpBnq4D/tI2
vDl+zNHL/d2D8rWh8csq
=c286
-----END PGP SIGNATURE-----
Download attachment "signature.asc" of type "application/pgp-signature" (842 bytes)
Powered by blists - more mailing lists