Apple Pushes Out Critical Mac Security Updates
Mac OS X 10.8 Mountain Lion running on a MacBook Air.
CREDIT: Apple, Inc.
Apple has just released another round of fixes and patches for OS X Mountain Lion, technically designated 10.8.4. These will probably be Mountain Lion's last nonsecurity updates before Apple announces its new operating system at its Worldwide Developers Conference next Monday (June 10).
In conjunction with the Mountain Lion updates, Apple also released security patches for its two older OSs, Lion and Snow Leopard.
First, the housekeeping: FaceTime can now make video calls to phone numbers outside the United States; connecting to certain enterprise Wi-Fi networks should be more reliable; running Boot Camp won't make the computer refuse to enter Sleep Mode; and the tendency for text and chat messages to appear out of order has been corrected.
Mountain Lion's QuickTime media player also got a few bug fixes, as did several of the open-source components, such as OpenSSL and Ruby, which are critical to the OS’s operation.
[See also: Five Apple Security Myths and the Hard Truths]
Mountain Lion also received some significant security updates. Of the 31 security-related patches, 17 were marked "may lead to an unexpected application termination or arbitrary code execution." That's Apple's way of saying they were critical bugs.
The update also includes more comprehensive security fixes. For one, the updated Gatekeeper, Apple's built-in software-checking system, will now require Java Web Start applets to have a valid Apple developer ID signature in order to be launched.
Java has long been a security risk, but Apple continues to support it because the software is still widely used on many websites.
Safari also received patches for 26 vulnerabilities to WebKit, the open-source engine that powers the browser. The situation seems pretty ordinary — until you realize Apple found only one of the 26 vulnerabilities on its own. Eighteen of the vulnerabilities were found by Google employees or individuals known to work with Google.
This is significant because, while Google currently uses WebKit to power its own Chrome and Chrome OS browsers, the company is in the process of switching to a homegrown engine called Blink. Apple will no longer be able to rely on Google engineers to uncover WebKit vulnerabilities.
For Lion and Snow Leopard, Apple released patches for Security Update 2013-002.
It’s especially significant that Apple continues to support Snow Leopard — an operating system first released in 2009 that is, nevertheless, still very popular among users — because Apple's forthcoming new OS will make Snow Leopard three generations old.
The new OS's name is still unknown, though if past trends hold, it'll be some sort of large feline. Regardless, these fixes to Mountain Lion, Lion and Snow Leopard should keep Mac users happy for a while longer.