Apple has released Security Update 2014-002 for 10.8 Mountain Lion, 10.7 Lion, and 10.7 Lion Server, with many of the same security fixes applied to the recently released OS X 10.9.4 Mavericks (see “OS X 10.9.4 Includes Wi-Fi, Wake from Sleep Fixes,” 30 June 2014). All three releases receive updates to the certificate trust policy, as well as fixes for vulnerabilities in maliciously crafted ZIP files, cURL re-using NTLM connections, and the Dock’s handling of messages from applications. The Mountain Lion Security Update also patches vulnerabilities related to a kernel memory issue with graphics drivers, a validation issue in the handling of OpenCL API calls, and array indexing with IOAcceleratorFamily (see the full list of patched vulnerabilities). (All updates are free. For 10.8 Mountain Lion, 139.3 MB; for 10.7 Lion, 134 MB; for 10.7 Lion Server, 184.3 MB.)
Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.