Today the Heartbleed OpenSSL exploit was announced in the wild, which allows an attacker to surreptitiously detect and steal private server keys (allowing them to MitM and decrypt your encrypted data and steal passwords). This affects OpenSSL versions including 1.0.1f, which is the version on my up-to-date Mavericks Mac (because I used port/brew to install other software which updated my openssl without me realizing it):
$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
This demonstrates I am not using the Mavericks version of OpenSSL:
$ which openssl
/opt/local/bin/openssl
OpenSSL released a fix today in 1.0.1g and I wonder how I can get this fixed version installed over my current version?
Best Answer
For what it's worth, I just used homebrew (http://brew.sh/):
If one of the bad versions comes up (1.0.1a-f), you can figure out which version of openssl you're using, this way:
Often this is from /usr/bin. To make sure you get the updated version, drop a symlink into /usr/local/bin to point to the updated openssl, like this:
As an alternative to that final step, some people replace the openssl in /usr/bin with a symlink to /usr/local/Cellar/openssl/1.0.1g/bin/openssl (or whatever your version is):
But this is known to cause problems with some more recent versions of OSX. Better to just insert a new symlink into /usr/local/bin, which should take precedence on your path over /usr/bin.
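A check for the situation in this thread, where several openssl binaries sit on the PATH and only the first one found is used. This is an added example, not part of the original question or answer; the function names classify_version and scan_path are made up here, and it treats 1.0.1 with no letter as affected in addition to the 1.0.1a-f range named in the answer.

```shell
#!/bin/sh
# Added example: list every openssl on a PATH, in lookup order, and flag
# builds whose version string falls in the Heartbleed-affected range.

# classify_version "<output of 'openssl version'>"
# Prints "vulnerable" for 1.0.1 and 1.0.1a-f, otherwise "ok".
classify_version() {
    # The second field of "OpenSSL 1.0.1f 6 Jan 2014" is the version.
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        # Letters are spelled out so the match does not depend on locale.
        1.0.1|1.0.1[abcdef]) echo vulnerable ;;
        *)                   echo ok ;;
    esac
}

# scan_path "<colon-separated directory list>"
# Prints one line per openssl found: "<path> <version> <status>".
scan_path() {
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        IFS=$old_ifs
        # An empty PATH entry means the current directory.
        bin="${dir:-.}/openssl"
        [ -x "$bin" ] && [ ! -d "$bin" ] || continue
        out=$("$bin" version 2>/dev/null) || continue
        ver=$(printf '%s\n' "$out" | awk '{print $2}')
        printf '%s %s %s\n' "$bin" "$ver" "$(classify_version "$out")"
    done
    IFS=$old_ifs
}

# Report on the current shell's PATH.
scan_path "$PATH"
```

The first line printed is the binary a bare `openssl` resolves to. The check reads only the version string, so a build with a vendor-backported fix and an unchanged version string would still be flagged.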