14 DAY TRIAL // In a bid to address user-reported issues and a truckload of security problems, Apple now offers OS X Mavericks 10.9.4, an updated version of the company’s desktop operating system. The release is accompanied by new versions of Safari and a standalone security update for those who don’t want the whole package.
Apple reveals on its Support site that “The OS X Mavericks 10.9.4 Update is recommended for all Mavericks users. It improves the stability, compatibility, and security of your Mac.”
Weighing in at 283 MB, the update addresses an issue that prevented some Macintosh models from automatically connecting to known Wi-Fi networks and improves the reliability of wake from sleep. Bundled with 10.9.4 is also the new Safari 7.0.5, but if you just want the browser, you can download it separately and apply it on any Mavericks version.
Apple outlines that 10.9.4 is (perhaps more importantly) filled with security patches for recently discovered vulnerabilities. Almost two dozen separate flaws are listed as addressed in areas like Certificate Trust Policy, copyfile, curl, Dock, Graphics Driver, iBooks Commerce, Intel Compute, IOAcceleratorFamily, IOReporting, launchd, Keychain, and Thunderbolt.
Here are a few instances of how Apple addressed some issues in the system. For example, the Dock flaw would allow a sandboxed application to circumvent sandbox restrictions.
According to the advisory, “An unvalidated array index issue existed in the Dock’s handling of messages from applications. A maliciously crafted message could cause an invalid function pointer to be dereferenced, which could lead to an unexpected application termination or arbitrary code execution.”
A more serious vulnerability was found in iBooks Commerce and affected OS X Mavericks 10.9 to 10.9.3. “An attacker with access to a system may be able to recover Apple ID credentials,” Apple says.
The full description states: “An issue existed in the handling of iBooks logs. The iBooks process could log Apple ID credentials in the iBooks log where other users of the system could read it. This issue was addressed by disallowing logging of credentials.”
Keychain, another component that deserves Apple’s utmost care and attention, was also flawed.
“Under rare circumstances, the screen lock did not intercept keystrokes. This could have allowed an attacker to type into windows under the screen lock. This issue was addressed through improved keystroke observer management,” the Cupertino giant explains.
Security Update 2014-003 includes these standalone fixes and a lot more, while Safari 7.0.5 is also a security-centric release. Both these two and OS X Mavericks 10.9.4 (which includes the lot) can be obtained either from Apple Support Download, via your Mac’s software updater (in the Mac App Store), or from Softpedia at the handy links below.
Download OS X Mavericks 10.9.4
Download Security Update 2014-003
Download Safari 7.0.5 (for OS X 10.9) / 6.1.5 (for OS X 10.7, 10.8)