Apple Planning Fix for OS X SSL Bug as New Research Reveals iMessage, Other Apps Affected - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

Apple Planning Fix for OS X SSL Bug as New Research Reveals iMessage, Other Apps Affected

Apple has confirmed that it will issue a software update "very soon" to patch the security flaw found in OS X that allows attackers to capture or modify data protected by the SSL/TLS protocols in Safari, reports Reuters. The vulnerability of OS X to the bug was detailed by security firm CrowdStrike and a Google engineer last Friday, and came right after Apple released iOS 7.0.6 to fix the SSL-related issues on iOS.

However, the security flaw, which has been termed "GoToFail" by security specialists due to the improperly used "goto" command that triggers it, may be affecting more than just Safari. Independent privacy researcher Ashkan Soltani has pointed out on his Twitter (via Forbes) that Apple's vulnerable SSL library is also used by apps including FaceTime, iMessage, Twitter, Calendar, Keynote, Mail, iBooks, Software Update, and more.

gotofail_list_of_apps

A list of apps deemed vulnerable to the SSL bug found in OS X and iOS by security researcher Ashkan Soltani

Soltani does point out that apps such as iMessage and FaceTime have addded security measures that weaken the effects of the security flaw, but also added that the initial iCloud login used to authenticate such apps may also be compromised. The researcher states that other parts of the protocol such as the handshake between a service and a device are vulnerable to an attack as well, and will need to be secured by Apple.

Currently, users can check whether or not their computers are affected by the vulnerability by visiting gotofail.com in Safari. As users wait for a fix to the flaw, CrowdStrike recommends avoiding untrusted and unsecured WiFi networks while traveling. The site also recommends that users update to iOS 7.0.6 if they have not yet installed it on their iOS devices.

Popular Stories

iCloud iPhone 17 Pro

iPhone Users Who Pay for iCloud Storage Get Two New Perks on iOS 27

Thursday July 2, 2026 6:10 am PDT by
If you pay for certain iCloud+ storage plans beyond the 5GB that Apple offers for free, you will receive two more perks on iOS 27 at no additional cost. A summary of the two new iCloud+ perks on iOS 27:Increased daily usage limits for some new Apple Intelligence features, including image generation in the revamped Image Playground app. HomeKit Secure Video cameras receive generated video...
Apple Event Logo

Apple Just Released a New Product

Thursday July 2, 2026 8:04 am PDT by
Apple's first product release of summer 2026 occurred this week, but do not get too excited, as it is merely the Beats Solo Buds in a new color. Beats Solo Buds are now offered in orange through Best Buy in the U.S., with availability set to expand to 7-Eleven stores in Japan on July 4. Apple already offered orange Solo Buds in India for free with the purchase of an iPhone 15 or iPhone 15 ...
iPhone 4 on Black Feature

Apple Facing One of Its Worst Leaks Since the iPhone 4

Thursday July 2, 2026 9:53 am PDT by
Apple supplier Tata Electronics recently suffered a cyberattack that resulted in thousands of confidential files being published on the dark web, and this reportedly included some photos and documents related to the upcoming iPhone 18 Pro. We have elected not to share any of the leaked photos in this story due to the illegal nature in which they were obtained, but they can easily be found...

Top Rated Comments

161 months ago
I can imagine an NSA techie slamming his head into a wall while saying "*******! They found the loophole I inserted!"
Score: 21 Votes (Like | Disagree)
161 months ago
No security.

Great work, Apple!
Score: 12 Votes (Like | Disagree)
161 months ago
i hope this is a separate security release, and not only available in 10.9.2.

And it better come tomorrow :mad:
Score: 12 Votes (Like | Disagree)
SantaFeNM Avatar
161 months ago
Very soon.....

My definition of "very soon," and Apple's definition of "very soon," are very different. :(
Score: 11 Votes (Like | Disagree)
mw360 Avatar
161 months ago
So are Apple going to block all these vulnerable apps from running until a fix is available? Or is that kind of calling-out just reserved for Flash.
Score: 7 Votes (Like | Disagree)
Sky Blue Avatar
161 months ago
i hope this is a separate security release, and not only available in 10.9.2.
Score: 6 Votes (Like | Disagree)