Apple releases Mac OS X 10.8.4
Apple has released an update to Mac OS X 10.8, 10.8.4, designed to fix bugs and close security holes. According to the security advisory, 31 vulnerabilities were fixed in the operating system and a further 26 were fixed in an update to Safari 6.0.5. A security update for earlier Mac OS X versions, Security Update 2013-002, was also released.
Operating system flaws fixed included 12 holes in OpenSSL (also fixed in Mac OS X 10.6.8, 10.7.x and 10.8.x), buffer overflows in Quickdraw (10.7.x and 10.8.x) and buffer overflows and memory corruption in QuickTime (10.6.8, 10.7.x and 10.8.x). Seven fixes were related to Ruby on Rails remote execution holes discovered earlier this year that affect Mac OS X 10.6.8 and Server 10.6.8 systems. Systems upgraded from 10.6.8 may also be affected; upgrading to Rails 2.3.18 fixes the problem.
There were also fixes for cookie privacy in CFNetwork (10.8.x), stack overflows in CoreAnimation (10.8.x), unintialised memory in CoreMedia Playback (10.7.x, 10.8.x), a privilege escalation in CUPS (10.8.x) and remote code execution in the directory service (10.6.8 only). The Safari update is dominated by fixes for 23 memory corruption problems discovered in WebKit. Other errors corrected were cross-site scripting related problems in IFRAME handling, in copy and pasting of HTML documents and in XSS Auditors rewriting of URLs to prevent cross-site scripting attacks.
Non-security fixes in 10.8.4 include better compatibility with enterprise wireless networks, improved Microsoft Exchange compatibility in Calendar, fixes for FaceTime calling to non-US numbers and scheduled sleep with Boot Camp as well as better VoiceOver compatibility with PDF document text.
The update will be delivered via Apple's Software Update. Users can also download the 10.8.4 update and the Security update 2013-002 (for Lion and Snow Leopard) from the Apple downloads page.