Apple has released Security Update 2014-002 with security fixes for OS X 10.9 Mavericks, as well as for those still using 10.8 Mountain Lion, 10.7 Lion, and 10.7 Lion Server. According to the release notes, the security update patches a vulnerability with HTTP headers that enabled attackers to obtain Web site credentials, which affected all three versions of OS X. It also fixes a particularly ugly vulnerability to a “triple handshake” attack that could affect both Mavericks and Mountain Lion. However, the bulk of the changes focus on Mavericks, addressing vulnerabilities with CoreServicesUIAgent Web site validation, Heimdal Kerberos authentication, ImageIO’s handling of JPEG images, and a power management issue that could prevent the system from going to sleep and keep the screen unlocked. (All updates are free. For 10.9 Mavericks, 80.5 MB; for 10.8 Mountain Lion, 135.9 MB; for 10.7 Lion, 126.9 MB; for 10.7 Lion Server, 177.2 MB.)
Enabling Auto Spelling Correction in Snow Leopard
In Snow Leopard, the automatic spelling correction in applications is not usually activated by default. To turn it on, make sure the cursor's insertion point is somewhere where text can be entered, and either choose Edit > Spelling and Grammar > Correct Spelling Automatically or, if the Edit menu's submenu doesn't have what you need, Control-click where you're typing and choose Spelling and Grammar > Correct Spelling Automatically from the contextual menu that appears. The latter approach is particularly likely to be necessary in Safari and other WebKit-based applications, like Mailplane.
Security Update 2014-002 (Mavericks, Mountain Lion, and Lion)
Check out the perks at <http://tidbits.com/member_benefits.html>
Special thanks to Archie Granot, Douglas de Stwolinska, Robert Rogers,
and John Gebhart for their generous support!