Apple Fix Reading Time: 1 minute

Apple has released fixes for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5 to address vulnerabilities in SSL 3.0, referred to as the POODLE bug. An attacker can use the but to decrypt data protected by SSL

Earlier this week, Google announced that they had identified known attacks that compromised the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. SSL 3.0 has known vulnerabilities that could allow hackers to read user cookies and private communication.

Comodo recommends disabling SSL 3.0 on servers and on older browsers. Newer browsers already disable SSL 3.0 by default.

To disable SSL 3.0 on Internet Explorer 9, do the following:
1) Select Tools (Alt+X)
2) Select Internet Options
3) Select the Advanced tab
4) In the Security group, uncheck Use SSL 3.0

If you are not sure if your browser currently uses SSL 3.0, you can check a the web site poodletest.com.

Users and administrators should review Apple Security Update HT6531 (link is external) for additional details.
ITSM For Mac

START FREE TRIAL GET YOUR INSTANT SECURITY SCORECARD FOR FREE