Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Security update for Lion, Lion Server, Mountain Lion issued

Security update for Lion, Lion Server, Mountain Lion issued
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Jul 2, 2014, 06:12 PM
 
Alongside the release of OS X 10.9.4 Mavericks for newer Macs, Apple has also releases security-oriented updates for OS X 10.7.x (Lion), the server version of Lion, and for 10.8.x Mountain Lion. The vulnerabilities patched for all three versions include an update to the certificate trust policy, a flaw in the "copyfile" command, and an issue with the Dock that could allow apps to circumvent the sandboxing restrictions. Numerous other discovered potential security vulnerabilities were also addressed.

Issues that were shared with both Mountain Lion and Mavericks up to 10.9.3 included a flaw in the graphics drivers system that allowed users to read the contents of kernel memory, as well as a validation issue regarding OpenGL by the Intel graphics driver. Similar issues were addressed with Intel Compute and the IO Accelerator Family. In addition, a flaw was discovered by an Adium researcher in the secure transport mechanism and addressed. Many of the issues fixed were uncovered by Ian Beer of Google Project Zero.

OS X 10.9.4, released on Monday, addressed any overlapping security issues covered in the Lion, Lion Server and Mountain Lion updates, as well as addressing a handful of new issues. Among the flaws fixed in 10.9.4 were a vulnerability in curl that could allow access to another user's session; an iBooks Commerce flaw that could conceivably have allowed an attacker with system access to read login credentials; bugs that could allow local users to bypass address space randomization in the IOGraphics Family; an IOReporting glitch that could cause a spontaneous restart; various flaws in launchd; a bug in Keychain that sometimes disallowed keystrokes, and a security issue in Thunderbolt.

Users can update their systems by launching Software Update, where they will see the appropriate security update available for their OS version. For Mavericks owners, updating to 10.9.4 includes all the patches to fix the issues present in 10.9.0-10.9.3. The updates are free for all users.
     
Marauder
Fresh-Faced Recruit
Join Date: Nov 2009
Status: Offline
Reply With Quote
Jul 3, 2014, 03:55 AM
 
Looks like the end of support for Snow Leopard then, pretty good that they kept up Security Updates for so long tho.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 10:32 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,