Apple updates Mountain Lion, patches Safari

OS X 10.8.3 adds Boot Camp support for Windows 8

Apple has updated OS X Mountain Lion for the first time in six months, patching 14 security vulnerabilities and addressing a host of other issues.

Alongside the operating system update, Apple also upgraded the Safari browser to version 6.0.3, fixing 17 security flaws.

OS X 10.8.3 dealt with several non-security flaws, including a pair related to Active Directory, Microsoft's domain authentication technology, and added new features that ranged from Boot Camp support for Windows 8 to letting users redeem app gift cards by holding the card in front of their Mac's built-in camera.

The last time Apple updated OS X Mountain Lion was Sept. 19, 2012, about two months after its debut.

Mountain Lion's new-found support for Boot Camp came five months after Microsoft launched that edition, and was accompanied by a fix that allowed iMacs with 3TB hard drives to run the utility that lets users switch between OS X and Windows. Previously, a bug prevented iMacs with drives that size to run the dual-boot software.

Separate updates were posted to provide the necessary Windows 7 and Windows 8 drivers for Boot Camp.

Other fixes addressed in 10.8.3 included one for a screen problem when the Mac woke from sleep, another for audio stuttering on 2011 Macs, and a third that reportedly improved Mail's reliability when fetching messages from an Exchange server.

On the security side, only four of the 14 Mountain Lion vulnerabilities were accompanied with the phrase "may lead to ... arbitrary code execution," Apple's way of classifying the bug as critical.

One flaw involved Java, the Oracle software that has been plagued by a rash of zero-day disclosures and emergency updates. "Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically, even if the Java plug-in is disabled," Apple said in its advisory.

Another could be exploited by a rigged PDF document, said Apple.

As often is the case, several of the flaws were in open-source code that Apple includes or integrates with OS X, ranging from the Apache Web server to Ruby on Rails.

Safari, which was updated to 6.0.3 for both Mountain Lion and OS X Lion, received 17 patches, 15 of them in WebKit, the open-source browser engine that powers Apple's browser as well as Google's Chrome. All 15 were rated critical.

Eight of the 15 WebKit bugs were reported by members of Google's security team, seven attributed to Abhishek Arya, better known as "inferno" in the security community.

Apple also patched Macs running Lion and Snow Leopard with Security Update 2013-001. The Snow Leopard update was notable because it arrived a record eight months after the introduction of Mountain Lion, reinforcing the idea that Apple has changed its support policy and will patch "n-2," where "n" is the current edition of OS X.

Traditionally, Apple has dropped support of n-2 upon the launch of n, but the back-to-back releases of Lion and Mountain Lion in 2011 and 2012, and the refusal of Snow Leopard to go away -- in February, it powered nearly 28% of all Macs -- has apparently altered Apple's policy.

OS X 10.8.3 and Security Update 2013-001 are available by selecting "Software Update..." from the Apple menu, or by opening the Mac App Store application and clicking the Update icon at the top right of the screen. The updates can also be downloaded manually from Apple's support site.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is

See more by Gregg Keizer on

Read more about mac os x in Computerworld's Mac OS X Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags AppleMicrosoftsecurityMac OS XMalware and Vulnerabilities

More about ApacheAppleApple.GoogleMacsMicrosoftOracleTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts