Security Update 2014-005 Mitigates POODLE Vulnerability
Posted on
by
Derek Erwin
Last week Apple released Security Update 2014-005 along with OS X Yosemite 10.10. Security Update 2014-005 mitigates the POODLE vulnerability (CVE-2014-3566), a design flaw in SSL (Secure Socket Layer) 3.0 that cold be exploited by hackers.
Security Update 2014-005 is available for: OS X Mountain Lion 10.8.5, and OS X Mavericks 10.9.5.
Apple’s support page describes the mitigated vulnerability as follows:
CVE-2014-3566 : An attacker may be able to decrypt data protected by SSL. There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.
Mac users can update through Apple’s Software Update tool by choosing Apple menu > Software Update when you’re ready to install, or you can go directly to Apple’s support page to download the updates from there.
OS X Mountain Lion users go here to download Security Update 2014-005 (159.5 MB)
OS X Mavericks users go here to download Security Update 2014-005 (7.2 MB)