OS X Mavericks v10.9.2 and Security Update 2014-001 now available

bwana

Download available either via Software update or Apple's download site. Since this hopefully fixes the SSL nightmare…

About the security content of OS X Mavericks v10.9.2 and Security Update 2014-001
This document describes the security content of OS X Mavericks v10.9.2 and Security Update 2014-001.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates".

This update can be downloaded and installed using Software Update, or from the Apple Support website.

OS X Mavericks 10.9.2 and Security Update 2014-001
Apache

Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1

Impact: Multiple vulnerabilities in Apache

Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.26.

CVE-ID

CVE-2013-1862

CVE-2013-1896

App Sandbox

Available for: OS X Mountain Lion v10.8.5

Impact: The App Sandbox may be bypassed

Description: The LaunchServices interface for launching an application allowed sandboxed apps to specify the list of arguments passed to the new process. A compromised sandboxed application could abuse this to bypass the sandbox. This issue was addressed by preventing sandboxed applications from specifying arguments. This issue does not affect systems running OS X Mavericks 10.9 or later.

CVE-ID

CVE-2013-5179 : Friedrich Graeter of The Soulmen GbR

ATS

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1

Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution

Description: A memory corruption issue existed in the handling of Type 1 fonts. This issue was addressed through improved bounds checking.

CVE-ID

CVE-2014-1254 : Felix Groebert of the Google Security Team

ATS

Available for: OS X Mavericks 10.9 and 10.9.1

Impact: The App Sandbox may be bypassed

Description: A memory corruption issue existed in the handling of Mach messages passed to ATS. This issue was addressed through improved bounds checking.

CVE-ID

CVE-2014-1262 : Meder Kydyraliev of the Google Security Team

ATS

Available for: OS X Mavericks 10.9 and 10.9.1

Impact: The App Sandbox may be bypassed

Description: An arbitrary free issue existed in the handling of Mach messages passed to ATS. This issue was addressed through additional validation of Mach messages.

CVE-ID

CVE-2014-1255 : Meder Kydyraliev of the Google Security Team

ATS

Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1

Impact: The App Sandbox may be bypassed

Description: A buffer overflow issue existed in the handling of Mach messages passed to ATS. This issue was addressed by additional bounds checking.

CVE-ID

CVE-2014-1256 : Meder Kydyraliev of the Google Security Team

Certificate Trust Policy

Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1

Impact: Root certificates have been updated

Description: The set of system root certificates has been updated. The complete list of recognized system roots may be viewed via the Keychain Access application.

CFNetwork Cookies

Available for: OS X Mountain Lion v10.8.5

Impact: Session cookies may persist even after resetting Safari

Description: Resetting Safari did not always delete session cookies until Safari was closed. This issue was addressed through improved handling of session cookies. This issue does not affect systems running OS X Mavericks 10.9 or later.

CVE-ID

CVE-2014-1257 : Rob Ansaldo of Amherst College, Graham Bennett

CoreAnimation

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 and 10.9.1

Impact: Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution

Description: A heap buffer overflow existed in CoreAnimation's handling of images. This issue was addressed through improved bounds checking.

CVE-ID

CVE-2014-1258 : Karl Smith of NCC Group

CoreText

Available for: OS X Mavericks 10.9 and 10.9.1

Impact: Applications that use CoreText may be vulnerable to an unexpected application termination or arbitrary code execution

Description: A signedness issue existed in CoreText in the handling of Unicode fonts. This issue is addressed through improved bounds checking.

CVE-ID

CVE-2014-1261 : Lucas Apa and Carlos Mario Penagos of IOActive Labs

curl

Available for: OS X Mavericks 10.9 and 10.9.1

Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information

Description: When using curl to connect to an HTTPS URL containing an IP address, the IP address was not validated against the certificate. This issue does not affect systems prior to OS X Mavericks v10.9.

CVE-ID

CVE-2014-1263 : Roland Moriz of Moriz GmbH

Data Security

Available for: OS X Mavericks 10.9 and 10.9.1

Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS

Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps.

CVE-ID

CVE-2014-1266
...
And much more
http://support.apple.com/kb/HT6150
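
The curl entry in the advisory quoted above (CVE-2014-1263) concerns certificate identity checking when the URL host is an IP literal. As an added example (not part of the original post, and not Apple's or curl's code), the following Python contrasts a hypothetical check that skips IP literals with one that requires a matching iPAddress subjectAltName. The certificate dicts are constructed samples in the layout of `ssl.getpeercert()`, and all function names are assumptions.

```python
import ipaddress

# Constructed sample certificates in ssl.getpeercert() layout
# (addresses are RFC 5737 documentation values, names are placeholders).
CERT_FOR_HOST = {"subjectAltName": (("DNS", "www.example.com"),
                                    ("DNS", "*.example.net"),
                                    ("DNS", "192.0.2.10"))}  # IP typed as DNS: must not count
CERT_WITH_IP = {"subjectAltName": (("DNS", "gw.example.com"),
                                   ("IP Address", "192.0.2.10"))}

def _as_ip(target):
    """Return an ip_address object if target is an IP literal, else None."""
    try:
        return ipaddress.ip_address(target.strip("[]"))
    except ValueError:
        return None

def _dns_match(pattern, host):
    """A '*' may replace only the whole left-most label, never a bare suffix."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def identity_matches(cert, target):
    """True only if the certificate names target (hostname or IP literal)."""
    sans = cert.get("subjectAltName", ())
    ip = _as_ip(target)
    if ip is not None:
        # IP literals must equal an iPAddress SAN; DNS entries never apply.
        return any(kind == "IP Address" and _as_ip(value) == ip
                   for kind, value in sans)
    return any(kind == "DNS" and _dns_match(value, target)
               for kind, value in sans)

def flawed_identity_matches(cert, target):
    """Hypothetical model of the advisory's failure mode: IP literals skip the check."""
    if _as_ip(target) is not None:
        return True  # BUG: any chain-valid certificate is accepted for an IP URL
    return identity_matches(cert, target)

if __name__ == "__main__":
    for name, cert in (("host-only cert", CERT_FOR_HOST), ("cert with IP SAN", CERT_WITH_IP)):
        print(name, "flawed:", flawed_identity_matches(cert, "192.0.2.10"),
              "strict:", identity_matches(cert, "192.0.2.10"))
```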
 
About the OS X Mavericks v10.9.2 Update

Learn about the OS X Mavericks v10.9.2 Update

The OS X Mavericks v10.9.2 Update is recommended for all OS X Mavericks users.

Updating your system
You should back up your system before installation. To do this you can use Time Machine.
Do not interrupt the installation process once you have started to update your system.
You may experience unexpected results if you have third-party system software modifications installed, or if you've modified the operating system through other means.
Choose Apple menu > Software Update to check for the latest Apple software using the Mac App Store, including this update.
Other software updates available for your computer may appear, which you should install. Note that an update's size may vary from computer to computer when installed using Software Update. Also, some updates must be installed prior to others.
You can also download the manual update installer. This is a useful option when you need to update multiple computers, but only want to download the update once. Standalone installers are available from Apple Support Downloads.

About the update
The OS X Mavericks v10.9.2 Update is recommended for all OS X Mavericks users. It improves the stability, compatibility, and security of your Mac. This update:

Adds the ability to make and receive FaceTime audio calls
Adds call waiting support for FaceTime audio and video calls
Adds the ability to block incoming iMessages from individual senders
Includes general improvements to the stability and compatibility of Mail
Improves the accuracy of unread counts in Mail
Resolves an issue that prevented Mail from receiving new messages from certain providers
Improves AutoFill compatibility in Safari
Fixes an issue that may cause audio distortion on certain Macs
Improves reliability when connecting to a file server using SMB2
Fixes an issue that may cause VPN connections to disconnect
Improves VoiceOver navigation in Mail and Finder
Improves VoiceOver reliability when navigating websites
Improves compatibility with Gmail Archive mailboxes
Includes improvements to Gmail labels
Improves Safari browsing and Software Update installation when using an authenticated web proxy
Fixes an issue that could cause the Mac App Store to offer updates for apps that are already up to date
Improves the reliability of diskless NetBoot service in OS X Server
Fixes braille driver support for specific HandyTech displays
Resolves an issue when using Safe Boot with some systems
Improves ExpressCard compatibility for some MacBook Pro 2010 models
Resolves an issue which prevented printing to printers shared by Windows XP
Resolves an issue with Keychain that could cause repeated prompts to unlock the Local Items keychain
Fixes an issue that could prevent certain preference panes from opening in System Preferences
Fixes an issue that may prevent migration from completing while in Setup Assistant
For detailed information about the security content of this update, see Apple security updates.
http://support.apple.com/kb/HT6114
 
Servers must be overwhelmed taken me 1hr to download 20mb on 4mbs business uncapped.
 
Servers must be overwhelmed taken me 1hr to download 20mb on 4mbs business uncapped.

I just updated a fresh install Mac and the 700mb+ download took about 45 minutes.
 