Apple updates Mavericks to 10.9.1, issues security fixes for Safari

Filed Under: Apple, Featured, OS X, Security threats, Vulnerability, Web Browsers

Apple just announced the first point update for its recently released OS X 10.9, better known as Mavericks.

Most of the fixes and enhancements are of the not-really-to-do-with-security sort, but the update also bundles in a new version of Safari, with security patches.

That takes Apple's latest browser version number to 7.0.1, dealing with a number of security holes including a data leakage flaw and eight vulnerabilities that "may lead to an unexpected application termination or arbitrary code execution."

Remember that arbitrary code execution inside a browser generally means that a drive-by malware install is possible.

That's where simply viewing a web page can cause malware to be downloaded, installed and activated, without any outward or visible signs: no warnings, no pop-ups, and no are-you-sures.

The Mavericks update can be fetched, as usual, by using the Software Update... option in the Apple menu, or by fetching a standalone installer in the form of a DMG (Apple disk image) file.

If you look after more than one Mac, or simply want to keep a complete set of reinstallation tools for your own Mac, getting and keeping the standalone installers for each point release is a handy thing to do.

It means that you can reinstall OS X and apply all the current security patches before going online for the first time on your newly-rebuilt Mac.

→ Point releases after 10.x.1 are usually available as a regular download or as what's called a combo, which packages together all previous point releases as well. That way you only need to install OS X plus one (typically jumbo-sized) patch, rather than installing OS X and then applying each point release in numeric sequence. Of course, 10.x.1 updates have no combo flavour, as there are no previous point releases with which to combine.

There are two DMG installers to pick from:

  • DL1712: OS X Mavericks 10.9.1 Update for MacBook Pro with Retina Display (Late 2013). [363MB]
  • DL1707: OS X Mavericks 10.9.1 Update (for all other supported Macs). [243MB]

If you have earlier versions of OS X (10.7.5, aka Lion, and 10.8.5, aka Mountain Lion), the Safari security fixes are available on their own as Safari 6.1.1.

→ The Safari 6.1.1 update seems to bring earlier OS X versions into line with Mavericks as far as browser security patches are concerned, but none of the security fixes in Mavericks itself seem to have been backported to the Lion and Mountain Lion flavours. It's looking increasingly certain that they never will be.

I'll admit that my first thought on hearing about 10.9.1 was, "Gosh, that was quick. Mavericks itself hasn't been out long."

But a glance at Rob Griffiths' long-running (and very handy) release history table for OS X versions shows that 10.9.1 came 55 days after 10.9, longer than any other 10.x.1 release so far.

How time flies when you're having fun!

, , , , , ,

You might like

2 Responses to Apple updates Mavericks to 10.9.1, issues security fixes for Safari

  1. Bart · 246 days ago

    Thanks very much for this type of information.

  2. Kate Rose · 167 days ago

    I have a 5-year-old MacBook Pro with a 10.9.2 system. I need to reinstall Safari, as it now dies as soon as it boots up. Safari is now part of Mavericks. What DMG installer can I download to get it back?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog