![]() ![]() If you typed “file colon slash slash slash” (which denotes a local URL, i.e. That was a flaw in Apple’s background data recognition software, which aims to auto-highlight text such as URLs displayed by applications such as word processors, text editors, browsers and email clients. Since running Java applets exposes you to a whole additional raft of possible security holes, this fix reinforces my suggestion above that this is an update worth applying as soon as you can.Īnother noteworthy update is that the amusing (if unfunny) “ fIle colon slash slash slash” bug is now a thing of the past. It’ll be something of a surprise for anyone who was relying on Apple’s new-found strictness against Java to find that turning Java off in your browser didn’t necessarily have the desired effect! The most interesting bug-fix, however, is CVE-2013-0967, whereby “visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically even if the Java plug-in is disabled.” ![]() There are also various fixes for problems relating to data leakage or incorrect authentication (which invariably leads to data leakage because it permits users to see things they shouldn’t). There are fixes for 21 CVE-listed vulnerabilities, 11 of which are documented as offering remote attackers the potential for arbitrary code execution. On security grounds alone, the update sounds well worth applying quickly. Having said that, the version-specific security update page is live, and can be found at knowledgebase article HT5672. After all, you invite your users to visit HT1222 from the start I suggest that it’ll be much easier to persuade people to be early adopters if you have all your informational ducks in a row from the start. → If anyone at Apple is reading this, please beg your product managers to reorganise their update workflow so that the security notifications go live at the same time as, or before, the actual updates are published. What’s new?Īpple, as usual, links to its regular landing page for security updates, knowledgebase article HT1222.īut that page, as usual, is lagging behind the actual update situation, with the most recent entry (as at T20:40UTC+11) being Apple’s Java security fix from 04 March 2013. With the most recent Combo updater handy, you can install plain old OS X 10.8 and then leap in one bound to the latest point release. It’s worth having around even if you only have one Mac, in case you need or want to reinstall Mountain Lion. Unless you have a bandwidth-related reason not to go for the biggest download, I recommend you go for the Combo updater. Download the Combo updater (794MByte) to take you from any earlier OS X 10.8 flavour to 10.8.3.Download a standlone updater (541MByte) to take you from 10.8.2 to 10.8.3.Let Apple’s own Software Update from the Apple menu take care of it via the App Store.This brings current-version Mac users to OS X 10.8.3. Apple has shipped the latest point release of its flagship Mountain Lion operating system.
0 Comments
Leave a Reply. |