This article originally appeared in TidBITS on 2014-07-03 at 6:23 a.m.
The permanent URL for this article is: http://tidbits.com/article/14891
Include images: Off

Security Update 2014-003 (Mountain Lion and Lion)

by Agen G. N. Schmitz

Apple has released Security Update 2014-002 for 10.8 Mountain Lion, 10.7 Lion, and 10.7 Lion Server, with many of the same security fixes applied to the recently released OS X 10.9.4 Mavericks (see “OS X 10.9.4 Includes Wi-Fi, Wake from Sleep Fixes [1],” 30 June 2014). All three releases receive updates to the certificate trust policy, as well as fixes for vulnerabilities in maliciously crafted ZIP files, cURL re-using NTLM connections, and the Dock’s handling of messages from applications. The Mountain Lion Security Update also patches vulnerabilities related to a kernel memory issue with graphics drivers, a validation issue in the handling of OpenCL API calls, and array indexing with IOAcceleratorFamily (see the full list [2] of patched vulnerabilities). (All updates are free. For 10.8 Mountain Lion [3], 139.3 MB; for 10.7 Lion [4], 134 MB; for 10.7 Lion Server [5], 184.3 MB.)

[1]: http://tidbits.com/article/14881
[2]: http://support.apple.com/kb/HT6296
[3]: http://support.apple.com/kb/DL1753
[4]: http://support.apple.com/kb/DL1751
[5]: http://support.apple.com/kb/DL1752