This article originally appeared in TidBITS on 2015-01-28 at 11:27 a.m.
The permanent URL for this article is:
Include images: Off

Security Update 2015-001 (Mountain Lion and Mavericks)

by Josh Centers

For users of OS X 10.8 Mountain Lion and 10.9 Mavericks, Apple has released Security Update 2015-001 [1] with a number of security fixes matching those in the OS X Yosemite 10.10.2 Update (see “Apple Releases OS X 10.10.2, iOS 8.1.3, and Apple TV 7.0.3 [2],” 27 January 2015). These fixes address vulnerabilities in App Store logging, Bluetooth, command-line utilities, font handling, graphics drivers, PDF handling, Spotlight, and more. Unfortunately, the security update does not include a fix for the Thunderstrike attack, leaving Macs running older operating systems vulnerable (see “Thunderstrike Proof-of-Concept Attack Serious, but Limited,” 9 January 2015). However, the update does include Safari 6.2.3 for Mountain Lion and Safari 7.1.3 for Mavericks, both of which fix multiple memory corruption issues in WebKit that could allow a malicious Web site to execute code. Security Update 2015-001 is available via Software Update or via direct download from Apple’s Support Downloads Web site. (Free. For 10.8 Mountain Lion [3], 177.4 MB; for 10.9 Mavericks [4], 62.3 MB.)