Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


   Security Update 2014-003 (Mountain Lion and Lion)

   Agen G. N. Schmitz

   Apple has released Security Update 2014-002 for 10.8 Mountain Lion,
   10.7 Lion, and 10.7 Lion Server, with many of the same security fixes
   applied to the recently released OS X 10.9.4 Mavericks (see '[1]OS X
   10.9.4 Includes Wi-Fi, Wake from Sleep Fixes,' 30 June 2014). All three
   releases receive updates to the certificate trust policy, as well as
   fixes for vulnerabilities in maliciously crafted Zip files, cURL
   re-using NTLM connections, and the Dock's handling of messages from
   applications. The Mountain Lion Security Update also patches
   vulnerabilities related to a kernel memory issue with graphics drivers,
   a validation issue in the handling of OpenCL API calls, and array
   indexing with IOAcceleratorFamily (see the [2]full list of patched
   vulnerabilities). (All updates are free. [3]For 10.8 Mountain Lion,
   139.3 MB; [4]for 10.7 Lion, 134 MB; [5]for 10.7 Lion Server, 184.3 MB.)

References

   1. http://tidbits.com/article/14881
   2. http://support.apple.com/kb/HT6296
   3. http://support.apple.com/kb/DL1753
   4. http://support.apple.com/kb/DL1751
   5. http://support.apple.com/kb/DL1752

.