Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

OS X 10.8.5 Fixes Nasty Text Rendering Bug

While Apple continues to move toward the upcoming debut of OS X 10.9 Mavericks, the company has quietly pushed out OS X Mountain Lion Update 10.8.5 with a handful of stability and performance fixes. The free update is available via the Mac App Store, with delta (273.72 MB — from 10.8.4) and combo (831.13 MB — from any previous version of 10.8) updaters ready for download from Apple’s Web site. Though we haven’t heard of any significant problems with the update, it’s always a good idea to wait a few days to see if any arise.

Bugs fixed include one that prevented Apple Mail from displaying messages, another that stopped the screensaver from starting automatically, and a third that stopped a smart card from unlocking preference panes in System Preferences. The update also enhances performance in three areas: AFP file transfers over 802.11ac Wi-Fi, large file transfers over Ethernet, and Open Directory authentication. Also, the update improves Xsan reliability and bundles in the bug fixes in MacBook Air (Mid 2013) Software Update 1.0 (for details, see “MacBook Air (Mid 2013) Software Update 1.0,” 22 July 2013).

But perhaps the most important change is one Apple mentioned only in a note at the end of the update’s security release notes: a patch for a nasty text rendering bug that could cause Messages and Safari to crash, and cause Wi-Fi errors if a network was named with the characters in question (see “Text Display Bug Can Render Apps Unusable,” 30 August 2013). After installing 10.8.5, we tested sample URLs that had previously caused crashes, and can confirm that Apple has squashed this bug, which had already been fixed in iOS 7 and Mavericks. It presumably still exists in the current iOS 6.1.3; we anticipate a 6.1.4 update to iOS to fix it as well.

OS X Mountain Lion Update 10.8.5 also includes a variety of security improvements, most notably a fix for an issue where an attacker could gain superuser access by resetting the system clock. (For details, see “Hackers Can Root Macs by Going Back in Time,” 30 August 2013.)

Also plugged are security holes in CoreGraphics, ImageIO, and QuickTime that could permit malicious PDFs or movie files to cause application crashes or arbitrary code execution.

Additionally, the update fixes other user-level vulnerabilities, including Installer packages that could be opened after certificate revocation, a bug that could allow users with screen sharing access to bypass the screen lock, and a vulnerability in Mobile Device Management that could disclose passwords to local users.

Finally, 10.8.5 addresses a number of security vulnerabilities on the Unix end, via updates to the Apache Web server, the BIND DNS server, the ClamAV virus scanner, the IPSec security package, the PHP scripting language, and the PostgreSQL database. Plus, a bug in the kernel was fixed that could enable a local denial of service attack.


READERS LIKE YOU! Support TidBITS by becoming a member today!
Check out the perks at <>
Special thanks to Shoshanna Green, Bill Russo, Lynda Preston, and
Rodney Haydon for their generous support!

Comments about OS X 10.8.5 Fixes Nasty Text Rendering Bug
(Comments are closed.)

Jack Ziegler  2013-09-16 11:56
Has anyone noticed that when using TextEdit the "?" will disappear after typing it? This has been happening for several years now. I keep thinking every OS upgrade will fix it, but no luck so far.
Adam Engst  An apple icon for a TidBITS Staffer 2013-09-16 12:13
That sounds like some sort of auto-correct mistake, rather than something inherent to TextEdit (it doesn't happen here, and I've never heard of it happening elsewhere either). Perhaps look int the Text pane of the Language & Text system preference pane?
Jack Ziegler  2013-09-18 21:41
Thank you Adam, sure enough your suggestion solved my long running problem.

I tip my hat to you Sir.
Adam Engst  An apple icon for a TidBITS Staffer 2013-09-19 06:46
And for my next trick, I will pull this rabbit out of a hat! :-)
B. Jefferson Le Blanc  2013-09-16 17:43
While all those security fixes are good news, I was unaware that OS X 10.8 included ClamXav. While not the best security program, it is open source which would enable Apple to use it at little or no cost.
barefootguru  An apple icon for a TidBITS Contributor 2013-09-16 20:22
OS X Server includes ClamAV (without the 'X') as part of its e-mail scanning. The free GUI ClamXav is available as a 3rd party download on the Mac App Store.