This article originally appeared in TidBITS on 2014-02-25 at 2:01 p.m.
The permanent URL for this article is:
Include images: Off

Security Update 2014-001 (Mountain Lion and Lion)

by Adam C. Engst

Along with OS X 10.9.2 (see “10.9.2 Fixes Critical SSL Security Bug, Adds FaceTime Audio [1],” 25 February 2014), Apple has released Security Update 2014-001 with security fixes for those still using OS X 10.8 Mountain Lion, 10.7 Lion, and 10.7 Lion Server. Alas, it seems that people running 10.6 Snow Leopard are now out in the cold, since this is the first security update to drop Snow Leopard-specific fixes. Security Update 2014-001 doesn’t need to address the recently discovered SSL/TLS security vulnerability (see “Apple Updates iOS and Apple TV to Fix Critical SSL Security Bug [2],” 24 February 2014) because it doesn’t affect versions of Mac OS X prior to 10.9. But the fixes it provides [3] are still significant, addressing vulnerabilities in app sandboxing, font handling, image display, Nvidia drivers, Quick Look, QuickTime, and the system clock, along with the Apache Web server and PHP scripting language. (All updates are free. For 10.8 Mountain Lion [4], 115.8 MB; for 10.7 Lion [5], 123.4 MB; for 10.7 Lion Server [6], 173.6 MB.)