Apple Contacts vulnerability fixed in OS X Mavericks
Contact information sent in plain text that could be intercepted is now properly encrypted.
One of the new features Apple has included in OS X Mavericks may help ease worries some might have about snooping by government agencies, such as the concerns that have recently surrounded the National Security Agency.
According to Jonathan Mayer, a Stanford University computer science doctoral student and security researcher, in prior versions of OS X, information for online accounts set up in the Accounts system preferences was synchronized unencrypted, meaning it could be intercepted en route between your system and services like Google and Yahoo.
In Mavericks, Apple has set address book updates for these accounts to be sent only in encrypted form.
In an interview with the Huffington Post, Mayer suggests that keyword searches of unencrypted Web traffic were one mode by which the , and that this development in OS X ought to quell this as a possibility.
In addition to the encrypted synchronization of address book data, Mayer also outlines another problem in which the Contacts program in OS X was sending authentication tokens to Google in plain text, meaning that, if a token was intercepted, a third party could gain access to your entire Google address book, as opposed to only intercepting synchronized updates.
Along with the encryption of synchronization data, this vulnerability has been fixed in Mavericks. While Apple has addressed the problem on its end, the Huffington Post reports that so far Google has not addressed the issue of its services allowing plain-text communication of address book information.