Security Update 2014-002

100 points, posted by iand about 11 years ago

9 comments

dan1234, about 11 years ago
FTA:

Security - Secure Transport

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2

Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL

Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other.

To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. This issue does not affect Mac OS X 10.7 systems and earlier.

CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris

That doesn't sound good…
Comment #7629911 not loaded
Comment #7630819 not loaded
Comment #7629917 not loaded
peterkelly, about 11 years ago
"This issue was addressed by ignoring incomplete HTTP header lines."

I hope they've taken into account the fact that the value of a HTTP header can span multiple lines (RFC2616 section 4.2)
Comment #7631430 not loaded
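
The line-folding concern in the comment above, sketched as an added example (not part of the thread and not Apple's code): a parser that ignores incomplete header lines also has to treat a CRLF-terminated field as still open until the next line shows it was not folded. The function name and the sample bytes are constructed for illustration.

```python
# Added illustration; function name and sample bytes are constructed for this example.
def complete_headers(buf: bytes) -> list[tuple[str, str]]:
    """Return only the header fields that are provably complete in buf.

    buf holds the bytes received after the status line. A field is complete
    once the next line starts with something other than SP/HT (RFC 2616
    section 4.2 folding), or the blank line ending the header block is seen.
    """
    done = []
    current = None  # field still open: a continuation line may follow
    pos = 0
    while True:
        end = buf.find(b"\r\n", pos)
        if end == -1:
            rest = buf[pos:]  # unterminated tail: always ignored
            # The open field counts only if the tail proves a new line began.
            if current and rest and rest[:1] not in (b" ", b"\t"):
                done.append(current)
            return done
        line, pos = buf[pos:end], end + 2
        if not line:  # blank line: end of the header block
            if current:
                done.append(current)
            return done
        if line[:1] in (b" ", b"\t"):  # folded continuation of the open field
            if current:
                current = (current[0], current[1] + " " + line.strip().decode("latin-1"))
            continue
        if current:  # a new field line closes the previous one
            done.append(current)
        name, sep, value = line.partition(b":")
        # A line without a colon is malformed and is skipped.
        current = (name.decode("latin-1").strip(), value.decode("latin-1").strip()) if sep else None

# Constructed response headers with a folded Set-Cookie value.
FULL = b"Content-Type: text/html\r\nSet-Cookie: id=abc;\r\n Path=/; Secure\r\n\r\n"

if __name__ == "__main__":
    # Full block, cut right after the first Set-Cookie CRLF, cut mid-line.
    for cut in (len(FULL), 46, 41):
        print(cut, complete_headers(FULL[:cut]))
```

Cutting the stream right after `Set-Cookie: id=abc;\r\n` yields only `Content-Type`: the cookie line is terminated, but without the following line the parser cannot know whether ` Path=/; Secure` was still to come.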
rdl, about 11 years ago
Really glad they released OSX and iOS on the same day this time.
Comment #7631882 not loaded
chmars, about 11 years ago
AirPort base stations seem to be affected too, I got at least an update for a relatively new AirPort Extreme (running now 7.7.3), however, not for older base stations (running 7.6.4).
Comment #7630958 not loaded
Comment #7630885 not loaded
gpvos, about 11 years ago
This seems to be the <s>first</s>second security update that is not available for 10.6.

Is there anywhere where Apple officially announces when they stop supporting an OS X version?
Comment #7632820 not loaded
SeanLuke, about 11 years ago
Not available for 10.5.x it would appear.
Comment #7630008 not loaded
Comment #7629898 not loaded
Comment #7630024 not loaded
p4lindromica, about 11 years ago
Those ruby vulnerabilities are old news ...

https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
grapeshot, about 11 years ago
It's time I made sure my family's 2007 iMacs are up to date, I guess. At least one of them is probably still on 10.6 because they send me things in Word for Mac 2004 format and that definitely won't run on anything newer because it's PPC-only code.
beejiu, about 11 years ago
On a practical note, has anybody's Adobe Flash stopped working after this update? Any ideas on why it could be affected?