Live: Samsung Unpacked Live Updates Apple HomePod 2 Review Apple Earnings Preview Resurrecting the Dodo COVID Emergency to Expire DOJ Eyes Tesla Self-Driving DC's 'Gods and Monsters' Slate Salami, Sausage Recalled
Want CNET to notify you of price drops and the latest stories?
No, thank you

Apple Contacts vulnerability fixed in OS X Mavericks

Contact information sent in plain text that could be intercepted is now properly encrypted.

One of the new features Apple has included in OS X Mavericks may help put to ease worries some might have about snooping from government agencies such as has been the case surrounding the National Security Agency recently.

According to Johnathan Mayer, a Stanford University computer science doctoral student and security researcher, in prior versions of OS X, online account information set up in the Accounts system preferences were synchronized unencrypted, meaning they could be intercepted en-route between your system and services like Google and Yahoo.

Accounts list in the Contacts application
Google accounts set up in the Contacts program preferences are now encrypted when synced to Google's servers. Screenshot by Topher Kessler/CNET

In Mavericks, Apple has set address book updates for these accounts to be only sent in encrypted form.

In an interview with the Huffington Post, Mayer suggests that keyword searches of unencrypted Web traffic was one mode by which the NSA collected Google address book information, and that this development in OS X ought to quell this as a possibility.

In addition to the encrypted synchronization of address book data, Mayer also outlines another problem where the Contacts program in OS X was sending authentication tokens to Google in plain text, meaning if intercepted, a third-party could gain access to your entire Google address book, as opposed to only intercepting synchronized updates.

Along with the encryption of synchronization data, this vulnerability has been fixed in Mavericks. While Apple has addressed the problem on its end, the Huffington Post reports that so far Google has not addressed the issue with its services allowing the use of plain text communication of address book information.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.