I'm running the latest updates on 10.9 and I get 0.9.8y. On 7/24/2014 11:09 AM, Dominyk Tiller wrote: > Hey all, > > I noticed something in the latest Yosemite developer preview - Apple > has finally updated the OpenSSL that ships with OS X. > > We remain on the 0.9.8 branch, but 'Openssl version' now gets the > response 'OpenSSL 0.9.8za 5 Jun 2014'. I guess this confirms that OS X > was vulnerable to the security issues OpenSSL patched and announced in > early June, given Apple's extreme reluctance to update OpenSSL at any > point other than when absolutely necessary. > > I don't know however if Mavericks has been patched in the same way. > Can anyone on OS X 10.9-10.9.3/10.9.4 run the 'openssl version' > command and see what the response is? Curious if only Yosemite has > received this fix & Mavericks remains vulnerable. > > It should seem unlikely, but given Apple's history with OpenSSL > updates I'm not quite certain either way. > > I'd still prefer to be using the 1.0.1 branch but at least this seems > to close the vulnerabilities exposed last month. > > Dominyk >
signature.asc
Description: OpenPGP digital signature
