Less than a week after Apple’s new Mac OS X “Lion” made its debut, it released a software update to resolve problems from an earlier update and provided three security updates.
Mac OS X 10.6.8 resolved some issues that arose after “Snow Leopard” users applied the earlier update that was supposed to prepare their Macs for the new Mac OS X 10.7, Apple said July 25. The software update is available as two different releases, depending on whether the user installed the earlier Mac OS X 10.6.8 update from June 24.
The initial 10.6.8 update enhanced the Mac App Store to get the Mac ready for the new operating system, nicknamed “Lion,” along with a few other security fixes. However, the update caused certain network printers to pause during print jobs and fail to complete. In addition, it also caused audio on some systems to stop working when using HDMI (High-Definition Multimedia Interface) or optical audio out, Apple said.
Users who have already installed the original 10.6.8 update need to install the Mac OS X 10.6.8 Supplemental Update. If the user had procrastinated on the update, the Mac OS X 10.6.8 Combo Update v1.1 is the cleaner version to install. The 1.09GB update takes care of applying all the fixes for the initial release as well as resolving the newer issues, Apple said.
Separately, the company released three security updates for the iWork office suite to fix arbitrary code-execution flaws in the iWork ’09 suite. Two of the issues apply to the Numbers application and one to Pages, Apple said. The vulnerabilities could be exploited using booby-trapped documents.
Apple also rolled out iOS 4.3.5 to address a security flaw on the iPhone, iPod Touch and the iPad. Verizon users with the CDMA (Code Division Multiple Access) version of the iPhone will see the update as iOS 4.2.10. The update fixed a flaw in x.509 certificate handling that could potentially result in attackers intercepting SSL (Secure Sockets Layer) secure connections from Apple’s mobile devices.
Apple has had a busy week. Following the Lion debut July 19, it released a massive update for Safari 5.0.6 and 5.1 to fix a slew of security issues July 20. Andrew Storms, director of security operations for nCircle, told eWEEK the number of patches in the Safari update was “mind boggling.”
“This is a vast number of bugs for just Safari alone. There are so many code-execution bugs alone I’ve gone cross-eyed,” Storms said.
It appears that 46 of the vulnerabilities may lead to remote-code execution, four to accidental information disclosure, three to spoofing addresses, three to cross-site scripting and one to mismanaging SSL certificates, Paul Ducklin, head of technology in the Asia-Pacific group at Sophos, wrote on the NakedSecurity blog.
“If you calculate the magnitude of a security update by the count of CVE [Common Vulnerabilities and Exposures] numbers listed, this one scores a 57,” Ducklin said.
While Microsoft and Oracle regularly release big software updates, they generally address multiple applications and operating systems, as opposed to just addressing one application, said Storms.