Apple yesterday updated OS X Mountain Lion for the first time in six months, patching 14 security vulnerabilities and addressing a host of other issues.
Alongside the operating system update, Apple also upgraded the Safari browser to version 6.0.3, fixing 17 security flaws.
[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]
OS X 10.8.3 dealt with several non-security flaws, including a pair related to Active Directory, Microsoft's domain authentication technology, and added new features that ranged from Boot Camp support for Windows 8 to letting users redeem app gift cards by holding the card in front of their Mac's built-in camera.
The last time Apple updated OS X Mountain Lion was Sept. 19, 2012, about two months after its debut.
Mountain Lion's new-found support for Boot Camp came five months after Microsoft launched that edition, and was accompanied by a fix that allowed iMacs with 3TB hard drives to run the utility that lets users switch between OS X and Windows. Previously, a bug prevented iMacs with drives that size to run the dual-boot software.
Separate updates were posted to provide the necessary Windows 7 and Windows 8 drivers for Boot Camp.
Other fixes addressed in 10.8.3 included one for a screen problem when the Mac woke from sleep, another for audio stuttering on 2011 Macs, and a third that reportedly improved Mail's reliability when fetching messages from an Exchange server.
On the security side, only four of the 14 Mountain Lion vulnerabilities were accompanied with the phrase "may lead to ... arbitrary code execution," Apple's way of classifying the bug as critical.
One flaw involved Java, the Oracle software that has been plagued by a rash of zero-day disclosures and emergency updates. "Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically, even if the Java plug-in is disabled," Apple said in its advisory.
Another could be exploited by a rigged PDF document, said Apple.
As often is the case, several of the flaws were in open-source code that Apple includes or integrates with OS X, ranging from the Apache Web server to Ruby on Rails.
Safari, which was updated to 6.0.3 for both Mountain Lion and OS X Lion, received 17 patches, 15 of them in WebKit, the open-source browser engine that powers Apple's browser as well as Google's Chrome. All 15 were rated critical.
Eight of the 15 WebKit bugs were reported by members of Google's security team, seven attributed to Abhishek Arya, better known as "inferno" in the security community.
Apple also patched Macs running Lion and Snow Leopard with Security Update 2013-001. The Snow Leopard update was notable because it arrived a record eight months after the introduction of Mountain Lion, reinforcing the idea that Apple has changed its support policy and will patch "n-2," where "n" is the current edition of OS X.