Security Update 2013-004 for Lion and Snow Leopard
Apple has released Security Update 2013-004 for Mac OS X 10.7 Lion and 10.6 Snow Leopard, both of which receive two versions: Lion (113.23 MB) and Lion Server (161.17 MB), plus Snow Leopard (331.5 MB) and Snow Leopard Server (406.49 MB).
Most notably, the updates fix an issue in Lion where an attacker could gain superuser access by resetting the system clock. (For details, see “Hackers Can Root Macs by Going Back in Time,” 30 August 2013.)
Additionally, these updates fix other user-level vulnerabilities in Lion, including security holes in QuickTime that could permit malicious movie files to cause application crashes or arbitrary code execution, Installer packages that could be opened after certificate revocation, and an issue in Mobile Device Management that could disclose passwords to local users.
Also fixed are a number of security vulnerabilities on the Unix end, via updates to the Apache Web server, the BIND DNS server (Lion only), the ClamAV virus scanner, the IPSec security package, the PHP scripting language, and the PostgreSQL database (Lion only). (Free, various sizes)
I cannot successfully download Security Update 2013-4 on my MacBook 10.6.8 (SnowLeopard). After 2 hours of downloading, seemingly 100%, I receive the message, [The update “Security Update 2013-004” can’t be saved]. Three times this happened. Right now I'm downloading "SecUpd2013-004.dmg" which is 113MB.
You might run Disk Utility and check for drive corruption, just in case.
I run t iMacs with Snow Leopard. I updated the software on one and restarted the computer as required. From that moment on I was unable to log on. I had to do a full system reinstall as I was unable to do anything including using safe mode.
I was advised by Apple NOT to run security updates on my other Mac for a couple of months as this was one of many issues with the security fix