The new Apple SSL vulnerability is a concerning bug in the Apple Macintosh iOS and desktop operating systems. This allows SSL spoofing as it will allow a faked SSL vulnerability to pass as a real one. Apparently it uses ports 1266 & 1267, if you block these with your firewall, this should alleviate this threat if you are running a vulnerable Macintosh operating system. I am testing this on OSX 10.8.5, but since I am behind a proxy, the test site at https://gotofail.com/# does not work properly, negating the test. The firewall is blocking the aforementioned ports. But this needs to be fixed properly by Apple. Bugs like this can hurt the image of Apple and their operating system. There is a patch available for Apple OSX Mavericks. This patch should be installed as soon as possible to protect your system. Get some information about this patch here: http://support.apple.com/kb/HT6150. There are also official Apple iOS updates that protect against this vulnerability. Get it here: http://support.apple.com/kb/HT6147. I am using an iMac right now to write this blog post. The mouse with the tiny ball scroll “wheel” takes some getting used to, but you can right-click after all. And you have to press Command-V to paste text instead of Ctrl-V. The lovely 1080p screen makes up for any other shortcomings, and you have access to a UNIX shell with the terminal app.
Here is the shell that you use.
Admins-iMac-166:~ admin$ echo $SHELL /bin/bash
And here is the OSX 10.8.5 kernel version.
Admins-iMac-166:~ admin$ uname -a Darwin Admins-iMac-166.local 12.5.0 Darwin Kernel Version 12.5.0: Mon Jul 29 16:33:49 PDT 2013; root:xnu-2050.48.11~1/RELEASE_X86_64 x86_64
There are not that many commands available for the Apple terminal. The wget command is not available, but the ifconfig command works as usual.
Admins-iMac-166:~ admin$ ifconfig en1 en1: flags=8863 mtu 1500 ether 00:1f:5b:c4:0e:b4 inet6 fe80::21f:5bff:fec4:eb4%en1 prefixlen 64 scopeid 0x5 inet 172.29.59.165 netmask 0xffffff00 broadcast 172.29.59.255 media: autoselect status: active
So, with the patch applied, a Macintosh computer can be safe to use on the web again. Just be sure to use the test website link to test your SSL implementation.