Apple released a new Mac OS 10.6.8 software update for "Snow Leopard" to address problems an earlier update caused.
Less than a week after Apple's
new Mac OS X "Lion" made its debut, it released a software update to
resolve problems from an earlier update and provided three security updates.
Mac OS X 10.6.8 resolved
some issues that arose after "Snow Leopard" users applied the earlier
update that was supposed to prepare their Macs for the new Mac OS X 10.7, Apple
said July 25. The software update is available as two different releases,
depending on whether the user installed the earlier Mac
OS X 10.6.8 update
from June 24.
The initial 10.6.8 update
enhanced the Mac App Store to get the Mac ready for the new operating system, nicknamed
"Lion," along with a few other security fixes. However, the update
caused certain network printers to pause during print jobs and fail to
complete. In addition, it also caused audio on some systems to stop working
when using HDMI (High-Definition Multimedia Interface) or optical audio out,
Users who have already
installed the original 10.6.8 update need to install the Mac OS X 10.6.8
Supplemental Update. If the user had procrastinated on the update, the Mac OS X 10.6.8 Combo Update v1.1
is the cleaner version to install. The 1.09GB update takes care of
applying all the fixes for the initial release as well as resolving the newer
issues, Apple said.
Separately, the company
released three security updates for the iWork office suite to fix arbitrary
code-execution flaws in the iWork '09 suite. Two of the issues apply to the
Numbers application and one to Pages, Apple said. The vulnerabilities could be
exploited using booby-trapped documents.
Apple also rolled out iOS
4.3.5 to address a security flaw on the iPhone, iPod Touch and the iPad.
Verizon users with the CDMA (Code Division Multiple Access) version of the
iPhone will see the update as iOS 4.2.10. The update fixed a flaw in x.509
certificate handling that could potentially result in attackers intercepting
SSL (Secure Sockets Layer) secure connections from Apple's mobile devices.
Apple has had a busy week.
Following the Lion debut July 19, it released a massive update for Safari 5.0.6
and 5.1 to fix a slew of security issues July 20. Andrew Storms, director of
security operations for nCircle, told eWEEK
the number of patches in the Safari update was "mind boggling."
"This is a vast number
of bugs for just Safari alone. There are so many code-execution bugs alone I've
gone cross-eyed," Storms said.
It appears that 46 of the
vulnerabilities may lead to remote-code execution, four to accidental
information disclosure, three to spoofing addresses, three to cross-site
scripting and one to mismanaging SSL certificates, Paul Ducklin, head of
technology in the Asia-Pacific group at Sophos, wrote on the NakedSecurity
"If you calculate the
magnitude of a security update by the count of CVE [Common Vulnerabilities and
Exposures] numbers listed, this one scores a 57," Ducklin said.
While Microsoft and Oracle
regularly release big software updates, they generally address multiple
applications and operating systems, as opposed to just addressing one
application, said Storms.