March 15, 2013, 9:21 AM — Apple yesterday updated OS X Mountain Lion for the first time in six months, patching 14 security vulnerabilities and addressing a host of other issues.
Alongside the operating system update, Apple also upgraded the Safari browser to version 6.0.3, fixing 17 security flaws.
OS X 10.8.3 dealt with several non-security flaws, including a pair related to Active Directory, Microsoft's domain authentication technology, and added new features that ranged from Boot Camp support for Windows 8 to letting users redeem app gift cards by holding the card in front of their Mac's built-in camera.
The last time Apple updated OS X Mountain Lion was Sept. 19, 2012, about two months after its debut.
Mountain Lion's new-found support for Boot Camp came five months after Microsoft launched that edition, and was accompanied by a fix that allowed iMacs with 3TB hard drives to run the utility that lets users switch between OS X and Windows. Previously, a bug prevented iMacs with drives that size to run the dual-boot software.
Separate updates were posted to provide the necessary Windows 7 and Windows 8 drivers for Boot Camp.
Other fixes addressed in 10.8.3 included one for a screen problem when the Mac woke from sleep, another for audio stuttering on 2011 Macs, and a third that reportedly improved Mail's reliability when fetching messages from an Exchange server.
On the security side, only four of the 14 Mountain Lion vulnerabilities were accompanied with the phrase "may lead to ... arbitrary code execution," Apple's way of classifying the bug as critical.
One flaw involved Java, the Oracle software that has been plagued by a rash of zero-day disclosures and emergency updates. "Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically, even if the Java plug-in is disabled," Apple said in its advisory.
Another could be exploited by a rigged PDF document, said Apple.
As often is the case, several of the flaws were in open-source code that Apple includes or integrates with OS X, ranging from the Apache Web server to Ruby on Rails.
Safari, which was updated to 6.0.3 for both Mountain Lion and OS X Lion, received 17 patches, 15 of them in WebKit, the open-source browser engine that powers Apple's browser as well as Google's Chrome. All 15 were rated critical.
Eight of the 15 WebKit bugs were reported by members of Google's security team, seven attributed to Abhishek Arya, better known as "inferno" in the security community.