Apple this week patched 51 vulnerabilities in Mac OS X, most of them critical, in 2012's first security update.
Both Mac OS X 10.7, aka Lion, and 10.6, better known as Snow Leopard, were updated with fixes. The two operating systems were last updated in mid-October 2011.
Some Lion users reported post-update catastrophes. In a quickly growing thread on the Apple support forum, users said that after updating, every application crashed when launched.
Among the patches were a pair that addressed a vulnerability in SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 that was demonstrated last September by researchers who crafted a hacking tool dubbed BEAST, for "Browser Exploit Against SSL/TLS."
Apple had previously patched the same bug in iOS, and other vendors, including Microsoft and Mozilla, had also beaten Apple to this patch punch.
The company was also late to the patching party with the revocation of trust in all certificates issued by Digicert, a Malaysian intermediate certificate authority (CA). Last year, researchers found that Digicert had issued 22 certificates with weak 512-bit keys and missing certificate extensions and revocation information.
Microsoft and Mozilla revoked trust in Digicert nearly three months ago.
Apple patched six vulnerabilities in QuickTime, the media player bundled with Mac OS X, that could be triggered with malicious image, audio or video files, said Apple in its advisory.
Of the 51 total flaws, 40 were tagged by Apple with its usual "arbitrary code execution" phrase, the company's way of saying that the bugs were critical and could be used by attackers to hijack a Mac with a working exploit.
One of the vulnerabilities could be exploited in a "drive-by" attack, which only requires duping users into browsing to a malicious site to be successful.
As usual, the security update quashed bugs in numerous modules of the operating system, including open-source elements that Apple integrates with its own code. Fixes affected the Apache, ColorSync, OpenGL, PHP and X11 components, among others.
Mac OS X 10.7.3, the third update since Apple shipped Lion in July 2011, also included non-security fixes and changes that handled bugs in Wi-Fi -- Apple said it had taken care of one where the wireless connection wouldn't re-establish after bringing a Mac out of sleep mode -- and made several improvements to the OS's integration with Windows Server's Active Directory, which oversees authentication on enterprise networks.