toggle

AAPL Stock: 112.01 ( -0.53 )

Printed from http://www.macnn.com

Security update for Lion, Lion Server, Mountain Lion issued

updated 06:06 pm EDT, Wed July 2, 2014

Addresses numerous flaws, bugs already addressed in Mavericks 10.9.4

Alongside the release of OS X 10.9.4 Mavericks for newer Macs, Apple has also releases security-oriented updates for OS X 10.7.x (Lion), the server version of Lion, and for 10.8.x Mountain Lion. The vulnerabilities patched for all three versions include an update to the certificate trust policy, a flaw in the "copyfile" command, and an issue with the Dock that could allow apps to circumvent the sandboxing restrictions. Numerous other discovered potential security vulnerabilities were also addressed.

Issues that were shared with both Mountain Lion and Mavericks up to 10.9.3 included a flaw in the graphics drivers system that allowed users to read the contents of kernel memory, as well as a validation issue regarding OpenGL by the Intel graphics driver. Similar issues were addressed with Intel Compute and the IO Accelerator Family. In addition, a flaw was discovered by an Adium researcher in the secure transport mechanism and addressed. Many of the issues fixed were uncovered by Ian Beer of Google Project Zero.

OS X 10.9.4, released on Monday, addressed any overlapping security issues covered in the Lion, Lion Server and Mountain Lion updates, as well as addressing a handful of new issues. Among the flaws fixed in 10.9.4 were a vulnerability in curl that could allow access to another user's session; an iBooks Commerce flaw that could conceivably have allowed an attacker with system access to read login credentials; bugs that could allow local users to bypass address space randomization in the IOGraphics Family; an IOReporting glitch that could cause a spontaneous restart; various flaws in launchd; a bug in Keychain that sometimes disallowed keystrokes, and a security issue in Thunderbolt.

Users can update their systems by launching Software Update, where they will see the appropriate security update available for their OS version. For Mavericks owners, updating to 10.9.4 includes all the patches to fix the issues present in 10.9.0-10.9.3. The updates are free for all users.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. Marauder

    Fresh-Faced Recruit

    Joined: 11-15-09

    Looks like the end of support for Snow Leopard then, pretty good that they kept up Security Updates for so long tho.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

toggle

Most Commented