Apple’s latest large-scale OS X security updates are out.
If you’re a Snow Leopard (OS X 10.6) user, you’ll need the 200Mbyte Security Update 2012-001, which requires you to be at the latest point release of that version first.
(That’s 10.6.8, which came out back in June 2011. You updated to 10.6.8 long ago, did you not?)
If you’re using Lion (OS X 10.7), you get 700MBytes to 1.4Gbytes (depending on what sub-version of 10.7 you are currenly using) of full-blown new point release, which takes you to 10.7.3.
A reboot is required on both Snow Leopard and Lion.
Apple’s description of the security issues fixed in these updates can be found in Support Article HT5130.
This sounds like the sort of update you would ignore at your peril.
19 of the fixes are for problems listed with an impact of arbitrary code execution. That’s vulnerability-speak for “could perhaps be used by a cybercrook for a drive-by infection.” These now-patched exploitable vulnerabilities involved a wide range of file types.
In most cases, simply using a data file could have been enough to expose you to the vulnerability, for example: previewing a font, listening to an audio file, watching a video, viewing an image, or reading a PDF document.
Since data files aren’t supposed to contain executable code – or, if they do, that code is supposed to be just-so-much harmless data – we quite reasonably treat images, podcasts, videos and so forth as implicitly safe for Macs and PCs.
So cybercrooks adore remote code execution vulnerabilities which let them sneak program code onto your computer under perfectly innocent-looking cover. The crooks are willing to pay good money for data-borne exploits; you need to be willing to patch the underlying vulnerabilities as soon as you can.
Over to you. Click on the Apple menu, choose Software Update…, and take it from there!