Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals
3 comments

Security Update 2013-004 for Lion and Snow Leopard

Apple has released Security Update 2013-004 for Mac OS X 10.7 Lion and 10.6 Snow Leopard, both of which receive two versions: Lion (113.23 MB) and Lion Server (161.17 MB), plus Snow Leopard (331.5 MB) and Snow Leopard Server (406.49 MB).

Most notably, the updates fix an issue in Lion where an attacker could gain superuser access by resetting the system clock. (For details, see “Hackers Can Root Macs by Going Back in Time,” 30 August 2013.)

Additionally, these updates fix other user-level vulnerabilities in Lion, including security holes in QuickTime that could permit malicious movie files to cause application crashes or arbitrary code execution, Installer packages that could be opened after certificate revocation, and an issue in Mobile Device Management that could disclose passwords to local users.

Also fixed are a number of security vulnerabilities on the Unix end, via updates to the Apache Web server, the BIND DNS server (Lion only), the ClamAV virus scanner, the IPSec security package, the PHP scripting language, and the PostgreSQL database (Lion only). (Free, various sizes)

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About Security Update 2013-004 for Lion and Snow Leopard