Apple Issues Security Update 2012-001 for Snow Leopard

Apple released Security Update 2012-001 for Snow Leopard on Wednesday, correcting a number of vulnerabilities across several applications and file types, including:

  • a risk that malicious fonts, images with ColorSync profiles, audio files, movies, documents, websites, compressed files, TIFF files, OpenGL, the libresolv library, PDF files, MP4, JPEG2000, and PNG files could terminate the application or execute arbitrary code
  • risk of remote servers being able to impersonate clients via GSSAPI requests
  • attackers with privileged network positions being able to intercept sensitive information including user credentials
  • a risk of decrypting data protected by SSL
  • some EV certificates being trusted even though the corresponding root has been marked as untrusted
  • multiple vulnerabilities in Apache
  • multiple vulnerabilities in PHP and libpng
  • multiple vulnerabilities in SquirrelMail including a cross-site scripting issue
  • the possible disclosure of sensitive information when accessing a Subversion repository
  • multiple vulnerabilities in Tomcat

The patches included in the Snow Leopard update are also included in the OS X 10.7.3 update Apple released for Lion users today.

The update is available through Software Update and is a 202.3MB download. The standalone update is 192.73MB. Security Update 2012-001 is recommended for all Snow Leopard users and improves the security of Mac OS X.

2 Comments

Jason

Breaks older PowerPC applications running on Rosetta. Crashes or hangs them.

Paul Goodwin

Yeah. I was considering doing the update. I went to the Snow Leopard Apple Discussion Forum, and it’s pretty much a disaster for that great version of the OS right now. People (myself included) have been sticking with 10.6.8 and sacrificing some of the niceties of 10.7 just because 10.7 won’t run PPC apps, some of which were fairly expensive. I don’t know what went wrong but some serious mistakes were made and the leaders of that development release should be squirming about their future.
