Mac OS X update protects users against CRIME attacks

Mac users running the latest version of Apple's OS X are now fully protected against an attack that allows hackers to hijack some encrypted browsing sessions. Apple OS X users also received new defenses against malware attacks that exploit Oracle's frequently abused Java browser plugin.

In all, an OS X update released Tuesday fixes more then 30 security bugs in addition to a host of minor usability issues. On the same day, Apple also updated its Safari browser to plug more than two dozen security holes, some of which could allow attackers to remotely execute malicious code.

The most notable fix included an update to the open-source OpenSSL cryptography library to prevent attacks that allowed hackers to hijack browser sessions even when they were protected by the HTTPS encryption. Banks, e-commerce merchants, and other sites use this encryption to prevent snooping on sensitive transactions and to prove the authenticity of their webpages. The "CRIME" attacks—short for Compression Ratio Info-leak Made Easy—are able to decrypt encrypted communications when they incorporate one of two data-compression schemes designed to reduce network bandwidth. The OpenSSL fix works by disabling compression when using the transport layer security (TLS) protocol.

Read 4 remaining paragraphs | Comments