Apple Updates Mac OS X 10.8.5 for Security, Stability
Apple's Mac OS X 10.8.5 update could be the last one for Mountain Lion before the new Mavericks OS X 10.9 release debuts in October.Apple is tuning up its Mac OS X 10.8 Mountain Lion operating system with a new incremental update providing security, stability and bug fixes. The Mac OS X 10.8.5 update follows the 10.8.4 update, which when it debuted in June provided users with security fixes for over 50 flaws. On the security front for Mac OS X 10.8.5, Apple is providing users with updated packages for a number of open-source applications that are part of the operating system. Among the updated open-source apps are new versions of the Apache Web server, the BIND DNS server, the PHP language and the PostgreSQL database. OS X also makes use of the open-source OpenSSL, a Secure Sockets Library used to encrypt data transmission. According to Apple, multiple vulnerabilities exist in OpenSSL, the most serious of which may lead to disclosure of user data. The OS X 10.8.5 update now includes a new version of OpenSSL that has fixed those issues. One of the ways that SSL in general works is that the operating system or the Web browser will trust a given certificate because it is signed and issued by a recognized certificate authority. As part of the OS X 10.8.5 update, Apple is updating its Certificate Trust Policy, adjusting the root certificates from the certificate authorities that are trusted. Apple is also patching its installer for a security flaw that could have potentially enabled software packages to be installed even after the security certificate that they have been signed with has been revoked.
"When Installer encountered a revoked certificate, it would present a dialog with an option to continue," Apple warned. "The issue was addressed by removing the dialog and refusing any revoked package."