Mavericks updated, Snow Leopard forgotten

18. December 2013 Security 0

Yesterday Mavericks received it’s first update 10.9.1. Here are the details.

  • Improved support for Gmail in OS X Mail, and fixes for users with custom Gmail settings
  • Improves the reliability of Smart Mailboxes and search in Mail
  • Fixes an issue that prevented contact groups from working properly in Mail
  • Resolves an issue that prevented VoiceOver from speaking sentences that contain emoji
  • Fixes an issue that prevented iLife and iWork apps from updating on non-English systems
  • Addresses an issue that may cause multiple prompts to unlock “Local items” keychain
  • Addresses an issue that may cause Japanese keyboards to retain a previously used language
  • Includes Safari 7.0.1
    • Fixes an issue that could cause Safari to become unresponsive when filling out forms on fedex.com, stubhub.com, and other websites
    • Improves Credit Card Autofill compatibility with websites
    • Improves VoiceOver compatibility with facebook.com
    • Updates Shared Links periodically when open in the Safari Sidebar

The update can be obtained through the Apple Menu > Software Update or directly from the Apple website here. Retina MacBook Pro (Late 2013) users should download this version instead.
Safari has received more love than this list lets on, namely security fixes for both version 6 and 7. Details:

Safari 6.1.1 and Safari 7.0.1

  • Safari
    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9
    Impact: User credentials may be disclosed to an unexpected site via autofill
    Description: Safari may have autofilled user names and passwords into a subframe from a different domain than the main frame. This issue was addressed through improved origin tracking.CVE-ID
    CVE-2013-5227 : Niklas Malmgren of Klarna AB
  • WebKit
    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
    Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.CVE-ID
    CVE-2013-2909 : Atte Kettunen of OUSPG
    CVE-2013-5195 : Apple
    CVE-2013-5196 : Google Chrome Security Team
    CVE-2013-5197 : Google Chrome Security Team
    CVE-2013-5198 : Apple
    CVE-2013-5199 : Apple
    CVE-2013-5225 : Google Chrome Security Team
    CVE-2013-5228 : Keen Team (@K33nTeam) working with HP’s Zero Day Initiative

As some of you will notice, 10.6 Snow Leopard has received no updates whatsoever. Snow Leopard users are stuck with Safari 5.1 and while this version is still able to load any website, using a browsers with known vulnerabilities is a risk. With the majority of adware/spyware/malware entering systems through the browser and Apple apparently finally giving up support for Snow Leopard, users of that OS X version are recommended to switch browsers. Firefox would be an excellent choice as it’s latest versions support OS X 10.6 and up so even older OS versions will benefit from the latest security patches and enhancements.

While it is recommended to upgrade to the latest OS X version for security reasons, not everyone can or wants to. If you run OS X 10.6 and your hardware allows it, consider upgrading. If you don’t want to, at least consider upgrading to a newer version like OS X 10.8 and if you want to upgrade but can’t due to hardware limitations, consider adding more RAM to your Mac (as this is the most common reason people can’t update).
OS X 10.9 Mavericks system requirements can be found here. The requirements for 10.8 Mountain Lion are identical.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.