Number: IRCNE2013061865
Date: 2013/06/06
According to Computerworld, Apple on Tuesday updated OS X Mountain Lion, likely for one of the last times, with a combination of compatibility and reliability bug fixes as well as vulnerability patches.
Mountain Lion received at least 16 non-security bug fixes. On the security side, OS X 10.8.4 patched 31 vulnerabilities in Mountain Lion, 17 of which were labeled with the phrase "may lead to ... arbitrary code execution," Apple's way of saying the bug was critical.
A majority of the patches were aimed at open-source components integrated with Mountain Lion, such as OpenSSL, an open-source implementation of SSL encryption (13 patches), and Ruby, a programming language (8 patches). Another four patches quashed bugs in Apple's own QuickTime media player.
One of the OpenSSL patches disabled the protocol's compression to block hacks that use techniques revealed last September by a pair of security researchers; Apple acknowledged that there were "known attacks." Dubbed CRIME, the attack can decrypt session cookies from supposedly secure HTTPS connections.
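Why turning compression off closes the hole, as an added example that is not from the original article or from Apple: when attacker-influenced text is compressed in the same record as a secret cookie, the record's length depends on whether that text matches the secret, and encryption does not hide length. The cookie value, the guesses, the host name and the function names are constructed for illustration.

```python
import ssl
import zlib

# Constructed sample values, not taken from any real session.
SECRET_COOKIE = "sessionid=7f3a9c2e41"
RIGHT_GUESS = "sessionid=7f3a9c2e41"
WRONG_GUESS = "sessionid=QWKZJXVBPM"  # same length, different value


def build_request(attacker_text: str) -> bytes:
    """One plaintext record holding attacker-influenced text and the secret cookie."""
    return (
        f"GET /?q={attacker_text} HTTP/1.1\r\n"
        f"Host: example.test\r\n"
        f"Cookie: {SECRET_COOKIE}\r\n\r\n"
    ).encode("ascii")


def record_length(attacker_text: str, compress: bool) -> int:
    """Size an on-path observer sees: encryption hides content, not length."""
    body = build_request(attacker_text)
    return len(zlib.compress(body)) if compress else len(body)


def length_leak(compress: bool) -> int:
    """Bytes by which a wrong-guess record exceeds a right-guess record."""
    return record_length(WRONG_GUESS, compress) - record_length(RIGHT_GUESS, compress)


def context_without_compression() -> ssl.SSLContext:
    """Client context with TLS-level compression explicitly refused."""
    ctx = ssl.create_default_context()
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


if __name__ == "__main__":
    print("leak with compression   :", length_leak(True), "bytes")
    print("leak without compression:", length_leak(False), "bytes")
    ctx = context_without_compression()
    print("OP_NO_COMPRESSION set   :", bool(ctx.options & ssl.OP_NO_COMPRESSION))
```

With compression on, the matching guess yields a shorter record because the repeated cookie string is encoded once; with compression off, both records are the same size and the signal disappears.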
Included with 10.8.4 was a Safari update that patched 26 vulnerabilities, all in WebKit, the open-source rendering engine that Apple relies on to power its browser. Most of the fixes were for critical flaws.
OS X 10.8.4 and Security Update 2013-002 can be retrieved by selecting "Software Update..." from the Apple menu, or by opening the Mac App Store application and clicking the Update icon at the top right. The updates can also be downloaded manually from Apple's support site.