Apple Fixes Major SSL Bug In OS X, iOS 96
Trailrunner7 writes: "Apple has fixed a serious security flaw present in many versions of both iOS and OS X and could allow an attacker to intercept data on SSL connections. The bug is one of many the company fixed Tuesday in its two main operating systems, and several of the other vulnerabilities have serious consequences as well, including the ability to bypass memory protections and run arbitrary code. The most severe of the vulnerabilities patched in iOS 7.1.1 and OSX Mountain Lion and Mavericks is an issue with the secure transport component of the operating systems. If an attacker was in a man-in-the-middle position on a user's network, he might be able to intercept supposedly secure traffic or change the connection's properties."
Re:Not a open source issue. (Score:5, Informative)
It's a MITM attack. Heartbleed is not MITM.
Re:Snow Leopard (Score:5, Informative)
An "early 2007 vintage" MBP can run Lion.
If your machine is stuck on 10.6 then it's not "early 2007" but "early 2006".
The youngest macbook pro that can't run anything later than 10.6 is the Early 2006 with the Core Duo CPU and 2GB RAM.
Yeah, really "abandonware" there. *eyeroll*
Re:Snow Leopard (Score:4, Informative)
If I upgrade to 2G of RAM, it looks like I can upgrade to Lion, but not Mountain Lion. I was going to upgrade the RAM anyway because it seems to run a bit sluggish, but the Mini maxes out at 2G, which is the lower limit of Lion. So it may be a wash, performance-wise.
No, it will be a huge step backwards. Do not, under any circumstance, install Lion if you can possibly avoid it. Not only is 2GB not enough to run Lion in any reasonable manner, but even if you have more RAM than that, Lion is a molasses sucking pig. The last OS for any hardware I used that was that bad and that much of a step backwards from what came before it was... umm... Wow, can't think of one. Lion wins. Or, actually, loses.
Installing it was the worst single decision I've made regarding Apple software on my early 2008 MacBook Pro. I even did a clean install from official Apple USB media (i.e. the USB fob you had to pay extra for instead of just downloading it) and upgraded RAM to 4GB on account of Lion. Take it from myself and several of my coworkers who regretted every getting within 100 feet of Lion that it is best avoided. Mountain Lion didn't suck, but only by comparison to Lion. Mavericks is a little bit better yet, but still not nearly as snappy as Snow Leopard.
My gut reaction: Don't worry about Snow Leopard being out of date, even security-wise. A man-in-the-middle is rare in most environments, and Snow Leopard is already quickly diminishing in market share, so it's not terribly likely to be widely exploited. Compared to the every day pain you'll cause yourself by installing Lion or later, the tiny risk profile of running a vulnerable Snow Leopard is worth it, in my opinion.