toggle

AAPL Stock: 118.63 ( + 2.16 )

Printed from http://www.macnn.com

Security update for Lion, Lion Server, Mountain Lion issued

updated 06:06 pm EDT, Wed July 2, 2014

Addresses numerous flaws, bugs already addressed in Mavericks 10.9.4

Alongside the release of OS X 10.9.4 Mavericks for newer Macs, Apple has also releases security-oriented updates for OS X 10.7.x (Lion), the server version of Lion, and for 10.8.x Mountain Lion. The vulnerabilities patched for all three versions include an update to the certificate trust policy, a flaw in the "copyfile" command, and an issue with the Dock that could allow apps to circumvent the sandboxing restrictions. Numerous other discovered potential security vulnerabilities were also addressed.

Issues that were shared with both Mountain Lion and Mavericks up to 10.9.3 included a flaw in the graphics drivers system that allowed users to read the contents of kernel memory, as well as a validation issue regarding OpenGL by the Intel graphics driver. Similar issues were addressed with Intel Compute and the IO Accelerator Family. In addition, a flaw was discovered by an Adium researcher in the secure transport mechanism and addressed. Many of the issues fixed were uncovered by Ian Beer of Google Project Zero.

OS X 10.9.4, released on Monday, addressed any overlapping security issues covered in the Lion, Lion Server and Mountain Lion updates, as well as addressing a handful of new issues. Among the flaws fixed in 10.9.4 were a vulnerability in curl that could allow access to another user's session; an iBooks Commerce flaw that could conceivably have allowed an attacker with system access to read login credentials; bugs that could allow local users to bypass address space randomization in the IOGraphics Family; an IOReporting glitch that could cause a spontaneous restart; various flaws in launchd; a bug in Keychain that sometimes disallowed keystrokes, and a security issue in Thunderbolt.

Users can update their systems by launching Software Update, where they will see the appropriate security update available for their OS version. For Mavericks owners, updating to 10.9.4 includes all the patches to fix the issues present in 10.9.0-10.9.3. The updates are free for all users.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. Marauder

    Fresh-Faced Recruit

    Joined: 11-15-09

    Looks like the end of support for Snow Leopard then, pretty good that they kept up Security Updates for so long tho.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Plantronics BackBeat Pro Bluetooth headphones

Looking for a pair of headphones that can do everything a user requires is a task that can take some study. Trying to decide on in-ear ...

MaxUpgrades 512GB Retina MacBook Pro SSD

Apple's Retina line of MacBook Pro notebooks have been impressive, right from their debut in 2012. Thinner than the previous model, t ...

Lemur BlueDriver

"Oh no, the check engine light is on…again! What one of the hundreds of reasons could it be this time? Probably going to cost a for ...

toggle

Most Commented