Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


   Security Update 2015-001 (Mountain Lion and Mavericks)

   Josh Centers

   For users of OS X 10.8 Mountain Lion and 10.9 Mavericks, Apple has
   released [1]Security Update 2015-001 with a number of security fixes
   matching those in the OS X Yosemite 10.10.2 Update (see '[2]Apple
   Releases OS X 10.10.2, iOS 8.1.3, and Apple TV 7.0.3,' 27 January
   2015). These fixes address vulnerabilities in App Store logging,
   Bluetooth, command-line utilities, font handling, graphics drivers, PDF
   handling, Spotlight, and more. Unfortunately, the security update does
   not include a fix for the Thunderstrike attack, leaving Macs running
   older operating systems vulnerable (see '[3]Thunderstrike
   Proof-of-Concept Attack Serious, but Limited,' 9 January 2015).
   However, the update does includes Safari 6.2.3 for Mountain Lion and
   Safari 7.1.3 for Mavericks, both of which fix multiple memory
   corruption issues in WebKit that could allow a malicious Web site to
   execute code. Security Update 2015-001 is available via Software Update
   or via direct download from Apple's Support Downloads Web site. (Free.
   For [4]10.8 Mountain Lion, 177.4 MB; for [5]10.9 Mavericks, 62.3 MB.)

References

   1. http://support.apple.com/en-us/HT204244
   2. http://tidbits.com/article/15368
   3. http://tidbits.com/article/15331
   4. http://support.apple.com/kb/DL1787
   5. http://support.apple.com/kb/DL1788

.