Apple released the next update for OS X, 10.8.4. Eventually, we should learn more about the security content of the update, but at this point, the security page has not been updated yet [1]. However, Apple did distribute a list of patched vulnerabilities via e-mail (thanks Dave for sharing). The update fixes a total of 33 vulnerabilities. Here are some of the highlights:
Other changes: Gatekeeper will check downloaded JNLP applications and may require a valid developer ID certificate. In addition, this update includes Safari 6.0.5 with various improvements / security fixes not listed here. Safari 6.0.5 patches a total of 23 arbitrary code execution vulnerabilities, two cross site scriting issue and one problem with the XSS Auditor that may cause form submissions to be altered.
------ |
Johannes 4478 Posts ISC Handler Jun 5th 2013 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Thread locked Subscribe |
Jun 5th 2013 8 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Typo above: CVE-2013-5519 here really means CVE-2012-5519; it was known publicly and the vendor notified almost 7 months ago. A user who could configure printers could also read/overwrite any file on that system.
I'd never seen a detailed list before of the vulnerabilities that are patched in OS X. The attack surface is so broad here, from network services to multimedia codecs. People don't use these devices for anything important, do they? Like accessing their email, Internet banking, software development... |
Steven C. 171 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Jun 5th 2013 8 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
OS X 10.8.4 update information - http://support.apple.com/kb/HT5730
Security content, - http://support.apple.com/kb/HT5784 Safari 6.0.5 security content - http://support.apple.com/kb/HT5785 The combo updater download is about 900 meg. It took about 20 minutes to install on a 2012 MacBook Pro running 10.8.3. |
Steven C. 6 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Jun 5th 2013 8 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
p.s. Steven, the attack surface doesn't seem any broader than the average Windows or Linux update...
|
Steven C. 6 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Jun 5th 2013 8 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Looks like there's also a Security Update 2013-002 for both Lion and Snow Leopard. Can anyone explain Apple's patch release policies to me; thought they only support the 2 most current versions. Did that end w/ their Java debacle?
|
Dean 135 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Jun 5th 2013 8 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Re: Apple software update lifecycle
Actually, its a -2 methodology. They support the existing OS version currently being installed and the two previous. So that would mean everything back to 10.6.x (snowleopard) is still being supported. When they go to a 10.9, then you will effectively only get updates for 10.7 and later. |
TexISO 19 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Jun 6th 2013 8 years ago |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Seems that not too long ago it was -1 strategy (http://www.computerworld.com/s/article/9231513/Apple_goes_against_grain_extends_support_for_Snow_Leopard)
|
Dean 135 Posts |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Quote |
Jun 6th 2013 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!