Apple updates Mountain Lion, patches Safari
OS X 10.8.3 adds Boot Camp support for Windows 8
Apple yesterday updated OS X Mountain Lion for the first time in six months, patching 14 security vulnerabilities and addressing a host of other issues.
Alongside the operating system update, Apple also upgraded the Safari browser to version 6.0.3, fixing 17 security flaws.
OS X 10.8.3 dealt with several non-security flaws, including a pair related to Active Directory, Microsoft's domain authentication technology, and added new features that ranged from Boot Camp support for Windows 8 to letting users redeem app gift cards by holding the card in front of their Mac's built-in camera.
The last time Apple updated OS X Mountain Lion was Sept. 19, 2012, about two months after its debut.
Mountain Lion's new-found support for Boot Camp came five months after Microsoft launched that edition, and was accompanied by a fix that allowed iMacs with 3TB hard drives to run the utility that lets users switch between OS X and Windows. Previously, a bug prevented iMacs with drives that size to run the dual-boot software.
Separate updates were posted to provide the necessary Windows 7 and Windows 8 drivers for Boot Camp.
Other fixes addressed in 10.8.3 included one for a screen problem when the Mac woke from sleep, another for audio stuttering on 2011 Macs, and a third that reportedly improved Mail's reliability when fetching messages from an Exchange server.
On the security side, only four of the 14 Mountain Lion vulnerabilities were accompanied with the phrase "may lead to ... arbitrary code execution," Apple's way of classifying the bug as critical.
One flaw involved Java, the Oracle software that has been plagued by a rash of zero-day disclosures and emergency updates. "Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically, even if the Java plug-in is disabled," Apple said in its advisory.
Another could be exploited by a rigged PDF document, said Apple.
As often is the case, several of the flaws were in open-source code that Apple includes or integrates with OS X, ranging from the Apache Web server to Ruby on Rails.
Safari, which was updated to 6.0.3 for both Mountain Lion and OS X Lion, received 17 patches, 15 of them in WebKit, the open-source browser engine that powers Apple's browser as well as Google's Chrome. All 15 were rated critical.
Eight of the 15 WebKit bugs were reported by members of Google's security team, seven attributed to Abhishek Arya, better known as "inferno" in the security community.
Apple also patched Macs running Lion and Snow Leopard with Security Update 2013-001. The Snow Leopard update was notable because it arrived a record eight months after the introduction of Mountain Lion, reinforcing the idea that Apple has changed its support policy and will patch "n-2," where "n" is the current edition of OS X.
Traditionally, Apple has dropped support of n-2 upon the launch of n, but the back-to-back releases of Lion and Mountain Lion in 2011 and 2012, and the refusal of Snow Leopard to go away -- in February, it powered nearly 28% of all Macs -- has apparently altered Apple's policy.
OS X 10.8.3 and Security Update 2013-001 are available by selecting "Software Update..." from the Apple menu, or by opening the Mac App Store application and clicking the Update icon at the top right of the screen. The updates can also be downloaded manually from Apple's support site.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is firstname.lastname@example.org.
Read more about mac os x in Computerworld's Mac OS X Topic Center.