Apple Contacts vulnerability fixed in OS X Mavericks

Contact information sent in plain text that could be intercepted is now properly encrypted.

One of the new features Apple has included in OS X Mavericks may help put to ease worries some might have about snooping from government agencies such as has been the case surrounding the National Security Agency recently.

According to Johnathan Mayer, a Stanford University computer science doctoral student and security researcher, in prior versions of OS X, online account information set up in the Accounts system preferences were synchronized unencrypted, meaning they could be intercepted en-route between your system and services like Google and Yahoo.

Accounts list in the Contacts application
Google accounts set up in the Contacts program preferences are now encrypted when synced to Google's servers. Screenshot by Topher Kessler/CNET

In Mavericks, Apple has set address book updates for these accounts to be only sent in encrypted form.

In an interview with the Huffington Post, Mayer suggests that keyword searches of unencrypted Web traffic was one mode by which the NSA collected Google address book information , and that this development in OS X ought to quell this as a possibility.

In addition to the encrypted synchronization of address book data, Mayer also outlines another problem where the Contacts program in OS X was sending authentication tokens to Google in plain text, meaning if intercepted, a third-party could gain access to your entire Google address book, as opposed to only intercepting synchronized updates.

Along with the encryption of synchronization data, this vulnerability has been fixed in Mavericks. While Apple has addressed the problem on its end, the Huffington Post reports that so far Google has not addressed the issue with its services allowing the use of plain text communication of address book information.



Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.

About the author

    Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Love heavy and clunky tablets?

    Said no one ever. CNET brings you the lightest and thinnest tablets on the market.