OS X Mountain Lion v10.8.3 and Security Update 2013-001 can be downloaded and installed via Software Update preferences, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see 'How to use the Apple Product Security PGP Key.'
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see 'Apple Security Updates'.
- OS X Mountain Lion is available now as a download from the Mac App Store. Just click the Mac App Store icon in your dock, purchase Mountain Lion, and follow the onscreen instructions to install it. Mountain Lion will not only make your Mac work better, it also makes your Mac work even better with your iPhone, iPad, and iPod touch. Because it comes with iCloud, your mail, calendars, contacts.
- In previous versions of OS X, before Mountain Lion, one could use the System Preference called Software Update to both update the OS (and Apple's own apps) and also view a list of system updates.
If you need to purchase Mac OS X 10.7 Lion, you may order it from this page. The most current version of OS X is OS X 10.9 Mavericks. To learn more, please click here. What do you receive: An email with a content code for the Mac App Store. Note: Content codes are usually delivered within 1 business day but may occasionally take longer. After you install Snow Leopard you will have to download and install the Mac OS X 10.6.8 Update Combo v1.1 to update Snow Leopard to 10.6.8 and give you access to the App Store. Access to the App Store enables you to download Mountain Lion if your computer meets the requirements.
Note: OS X Mountain Lion v10.8.3 includes the content of Safari 6.0.3. For further details see About the security content of Safari 6.0.3.
OS X Mountain Lion v10.8.3 and Security Update 2013-001
Apache
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials
Description: A canonicalization issue existed in the handling of URIs with ignorable Unicode character sequences. This issue was addressed by updating mod_hfs_apple to forbid access to URIs with ignorable Unicode character sequences.
CVE-ID
CVE-2013-0966 : Clint Ruoho of Laconic Security
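The fix described in this entry amounts to refusing any request path that, once percent-decoded, contains a code point the file system skips when comparing names, since such a path can differ from the protected one as a string yet resolve to the same directory. The check below is an added example, not Apple's mod_hfs_apple code; the function names and the code point set (the characters HFS+ ignores in file name comparison) are assumptions that do not come from the advisory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum uri_verdict { URI_OK, URI_IGNORABLE, URI_MALFORMED };

/* Assumed set: code points HFS+ skips when comparing file names. */
static bool hfs_ignorable(uint32_t cp) {
    return (cp >= 0x200C && cp <= 0x200F) || (cp >= 0x202A && cp <= 0x202E) ||
           (cp >= 0x206A && cp <= 0x206F) || cp == 0xFEFF;
}

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                                   /* fold A-F to a-f */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Percent-decode src into dst; returns byte count, or -1 on a bad escape or overflow. */
static long pct_decode(const char *src, unsigned char *dst, size_t cap) {
    size_t n = 0;
    while (*src) {
        unsigned char b = (unsigned char)*src++;
        if (b == '%') {
            int hi = hexval((unsigned char)src[0]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[1]);
            if (lo < 0) return -1;
            b = (unsigned char)((hi << 4) | lo);
            src += 2;
        }
        if (n == cap) return -1;
        dst[n++] = b;
    }
    return (long)n;
}

/* Decode one UTF-8 sequence; returns bytes consumed, 0 if malformed. Overlong forms
   are not rejected here: they decode to the same code point, so they are still flagged. */
static size_t utf8_next(const unsigned char *p, size_t len, uint32_t *cp) {
    size_t need;
    if (p[0] < 0x80) { *cp = p[0]; return 1; }
    if ((p[0] & 0xE0) == 0xC0) { *cp = p[0] & 0x1F; need = 1; }
    else if ((p[0] & 0xF0) == 0xE0) { *cp = p[0] & 0x0F; need = 2; }
    else if ((p[0] & 0xF8) == 0xF0) { *cp = p[0] & 0x07; need = 3; }
    else return 0;
    if (len <= need) return 0;
    for (size_t i = 1; i <= need; i++) {
        if ((p[i] & 0xC0) != 0x80) return 0;
        *cp = (*cp << 6) | (p[i] & 0x3F);
    }
    return need + 1;
}

/* Verdict for a request path; anything other than URI_OK should be refused. */
enum uri_verdict check_uri_path(const char *path) {
    unsigned char buf[2048];
    long n = pct_decode(path, buf, sizeof buf);
    if (n < 0) return URI_MALFORMED;
    for (size_t i = 0; i < (size_t)n; ) {
        uint32_t cp;
        size_t used = utf8_next(buf + i, (size_t)n - i, &cp);
        if (used == 0) return URI_MALFORMED;
        if (hfs_ignorable(cp)) return URI_IGNORABLE;
        i += used;
    }
    return URI_OK;
}

int main(void) {
    /* Constructed sample: U+200C percent-encoded as UTF-8 inside a path segment. */
    return check_uri_path("/docs%E2%80%8C/index.html") == URI_IGNORABLE ? 0 : 1;
}
```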
CoreTypes
Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically even if the Java plug-in is disabled
Description: Java Web Start applications would run even if the Java plug-in was disabled. This issue was addressed by removing JNLP files from the CoreTypes safe file type list, so the Web Start application will not be run unless the user opens it in the Downloads directory.
CVE-ID
CVE-2013-0967
International Components for Unicode
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: A canonicalization issue existed in the handling of the EUC-JP encoding, which could lead to a cross-site scripting attack on EUC-JP encoded websites. This issue was addressed by updating the EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Identity Services
Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Authentication relying on certificate-based Apple ID authentication may be bypassed
Description: An error handling issue existed in Identity Services. If the user's AppleID certificate failed to validate, the user's AppleID was assumed to be the empty string. If multiple systems belonging to different users enter this state, applications relying on this identity determination may erroneously extend trust. This issue was addressed by ensuring that NULL is returned instead of an empty string.
CVE-ID
CVE-2013-0963
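The failure mode in this entry is a sentinel that compares equal to itself: two unrelated peers whose certificates both fail validation end up with the same "identity". The sketch below is an added example, not Apple's Identity Services code; the struct, function names and sample addresses are hypothetical, and it shows the empty-string behaviour beside the NULL behaviour the fix adopted.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical outcome of validating a peer's Apple ID certificate. */
struct cert_check {
    bool valid;            /* did certificate validation succeed? */
    const char *apple_id;  /* identity named in the certificate */
};

typedef const char *(*identity_fn)(const struct cert_check *);
typedef bool (*match_fn)(const char *, const char *);

/* Behaviour before the fix, as the entry describes it: failure yields "". */
const char *identity_before_fix(const struct cert_check *c) {
    return c->valid ? c->apple_id : "";
}

/* Behaviour after the fix: failure yields NULL, meaning "no identity". */
const char *identity_after_fix(const struct cert_check *c) {
    return c->valid ? c->apple_id : NULL;
}

/* Relying application: two peers are the same user when identities match.
   NULL never matches, but "" is treated as an ordinary string. */
bool same_user(const char *a, const char *b) {
    return a != NULL && b != NULL && strcmp(a, b) == 0;
}

/* Defence in depth on the caller's side: also refuse empty identities. */
bool same_user_strict(const char *a, const char *b) {
    return a != NULL && b != NULL && a[0] != '\0' && strcmp(a, b) == 0;
}

/* Constructed scenario: two different users, both failing validation.
   Returns whether the relying check would treat them as the same user. */
bool failed_peers_match(identity_fn identity, match_fn match) {
    struct cert_check first  = { false, "alice@example.com" };
    struct cert_check second = { false, "bob@example.com" };
    return match(identity(&first), identity(&second));
}

int main(void) {
    bool before = failed_peers_match(identity_before_fix, same_user);
    bool after  = failed_peers_match(identity_after_fix, same_user);
    return (before && !after) ? 0 : 1;  /* trust extended before, refused after */
}
```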
ImageIO
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of TIFF images. This issue was addressed through additional validation of TIFF images.
CVE-ID
CVE-2012-2088
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted image may lead to an unexpected system termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of graphics data. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-0976 : an anonymous researcher
Kernel
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them.
CVE-ID
CVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square, and additional anonymous researchers
Login Window
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: An attacker with keyboard access may modify the system configuration
Description: A logic error existed in VoiceOver's handling of the Login Window, whereby an attacker with access to the keyboard could launch System Preferences and modify the system configuration. This issue was addressed by preventing VoiceOver from launching applications at the Login Window.
CVE-ID
CVE-2013-0969 : Eric A. Schulman of Purpletree Labs
Messages
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: Clicking a link from Messages may initiate a FaceTime call without prompting
Description: Clicking on a specifically-formatted FaceTime:// URL in Messages could bypass the standard confirmation prompt. This issue was addressed by additional validation of FaceTime:// URLs.
CVE-ID
CVE-2013-0970 : Aaron Sigel of vtty.com
Messages Server
Available for: Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may reroute federated Jabber messages
Description: An issue existed in the Jabber server's handling of dialback result messages. An attacker may cause the Jabber server to disclose information intended for users of federated servers. This issue was addressed through improved handling of dialback result messages.
CVE-ID
CVE-2012-3525
PDFKit
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of ink annotations in PDF files. This issue was addressed through improved memory management.
CVE-ID
CVE-2013-0971 : Tobias Klein working with HP TippingPoint's Zero Day Initiative
Podcast Producer Server
Available for: Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Podcast Producer Server.
CVE-ID
CVE-2013-0156
Podcast Producer Server
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of JSON data. This issue was addressed by switching to using the JSONGem backend for JSON parsing in the Rails implementation used by Podcast Producer Server.
CVE-ID
CVE-2013-0333
PostgreSQL
Available for: Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5
Impact: Multiple vulnerabilities in PostgreSQL
Description: PostgreSQL was updated to version 9.1.5 to address multiple vulnerabilities, the most serious of which may allow database users to read files from the file system with the privileges of the database server role account. Further information is available via the PostgreSQL web site at http://www.postgresql.org/docs/9.1/static/release-9-1-5.html
CVE-ID
CVE-2012-3488
CVE-2012-3489
Profile Manager
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Profile Manager.
CVE-ID
CVE-2013-0156
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2012-3756 : Kevin Szkudlapski of QuarksLab
Ruby
Available for: Mac OS X Server 10.6.8
Impact: A remote attacker may be able to cause arbitrary code execution if a Rails application is running
Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling YAML and symbols in XML parameters in Rails.
CVE-ID
CVE-2013-0156
Security
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly issued by TURKTRUST. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue was addressed by not allowing the incorrect SSL certificates.
Software Update
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5
Impact: An attacker with a privileged network position may be able to cause arbitrary code execution
Description: Software Update allowed a man in the middle attacker to insert plugin content into the marketing text displayed for updates. This may allow the exploitation of a vulnerable plugin, or facilitate social engineering attacks involving plugins. This issue does not affect OS X Mountain Lion systems. This issue was addressed by preventing plugins from being loaded in Software Update's marketing text WebView.
CVE-ID
CVE-2013-0973 : Emilio Escobar
Wiki Server
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Wiki Server.
CVE-ID
CVE-2013-0156
Wiki Server
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of JSON data. This issue was addressed by switching to using the JSONGem backend for JSON parsing in the Rails implementation used by Wiki Server.
CVE-ID
CVE-2013-0333
Malware removal
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Description: This update runs a malware removal tool that will remove the most common variants of malware. If malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.
FaceTime is not available in all countries or regions.
Tips on 10.4 Tiger, 10.5 Leopard, 10.6 Snow Leopard, 10.7 Lion, 10.8 Mountain Lion, 10.9 Mavericks, 10.10 Yosemite, 10.11 El Capitan and 10.12 Sierra-10.15 Catalina
This is part of a series of tips on updating to Mac OS X 10.2 through Mac OS X 10.11 Client. Server versions of Mac OS X are better handled by asking questions in the Server forum. 10.2 & 10.3 are not mentioned above since they can't be upgraded to 10.6 or later. Some 10.8 prebundled Macs can be upgraded to 10.12 and then to Catalina.
Before updating to 10.7 or later from 10.6.8 or earlier, please read this tip:
10.9 and 10.10 are no longer available, unless one was preinstalled on your Mac or you purchased it previously on the Apple Store. Some people who no longer have need for either operating system may find they can transfer their license to someone else who does need it and has the compatibility needs of the links above. Note, if your Mac came with 10.6.8 or earlier installed and is compatible with 10.8, you can install 10.6.8 and then 10.11. Unfortunately you have to request the App Store make 10.11 available if you require it, and are not compatible with 10.12 or 10.13. 10.7.5 and higher users can upgrade to 10.12.
For info on what 10.13 is compatible with, visit this tip:
See this tip to find your Mac model's age:
Backing up your data at least twice is essential. A clone backup, explained in the 'backing up' link in the prior sentence, prior to upgrading to Lion will ensure you are able to backstep to Lion in the event you don't have a USB Flash drive copy of Lion.
Apple announced Mountain Lion's availability, July 25, 2012.
iOS 9.2 and iOS 9.2.1 require Mac OS X 10.8 and iTunes 12.3 (newer versions of iOS require newer Mac OS X for syncing, and are covered in that link) for syncing on the Macintosh side.
Apple has released 10.8.1, 10.8.2, the supplemental update to 10.8.2, 10.8.3, 10.8.4, 10.8.5, Security Update 2014-003 (Mountain Lion) and 10.9 (Mavericks) as updates to Mountain Lion.
For the latest security updates see http://support.apple.com/kb/HT1222
and searching for the newer one together with the text
support.apple.com DL
will get newer download links.
Mavericks is mentioned on this same line, as the Apple hardware requirements are the same, though the compatibility for Mavericks for third party devices may differ. 10.8 is now (as of January 10, 2014) available directly from the http://store.apple.com/us/product/D6377/os-x-mountain-lion link in the United States (the /us/ in the link may be changed for the standard two letter country code matching the store link), although realize that 10.9 is free and has the same Apple hardware requirements as 10.8, though some software may only run on 10.8. If you have difficulty downloading 10.8, go to App Store support. The App Store support may be able to help you restore 10.8 to its factory condition and make it available on internet restore, which happens with a command-R boot. For Macs newer than 10.8's release of July 25, 2012 (Mac Minis older than October 23, 2012 would not fall under this, since their hardware was not modified until that date), but older than 10.9's release of October 22, 2013, contacting AppleCare http://www.apple.com/contact/phone_contacts.html may be needed to add it to internet restore. Macs that were prebundled with 10.6.8 or earlier can't use the command-R boot without a firmware update:
Some issues exist with WiFi on 10.8.5 for some machines. At this point the reason is unknown, and sometimes it takes connecting to ethernet
and then back to WiFi to fix. Note, if your machine is 4 years or older, be sure to have your PRAM battery checked. This battery is separate from the battery that lets you work off the power lines. If it is under 4 years old, frequently such issues can be resolved with the PRAM being reset. Be sure
to report to Apple Store, or http://www.apple.com/feedback/ any issues you have. If you want to go through a formal way, submit a bug report after signing up for
an online developer account.
Front row is no longer present with Lion or Mountain Lion. However, some have found a way to get it to work with both.
If you have issues with the download after reading the rest of this tip, please contact the Mac App Store form or e-mail, to ensure you don't get double billed
when you redownload Mountain Lion. Also you will probably have to contact them if you can't find the link on the store when going to this U.S. store download link (adjust the link according to your country when you enter the store website). It is 4.05 GB which works out to 4147.2 MB, which at 7Mbps or .875 MBps would take 1 hour 19 minutes. At 1.5 Mbps that would take 6 hours and 8 minutes. At 768 kbps that would take 12 hours and 16 minutes. And that's assuming the traffic at Apple trying to download it isn't overwhelming the servers, and you have a dedicated connection at those speeds. After the download completes, the installer takes 3 minutes before rebooting itself, and 33 minutes after rebooting to complete the installation on an iMac 11,2. Times may vary by speed of the hard drive, connected peripherals (preferably none), available disc space, and available RAM. Unlike Lion, before the installer begins, it leaves behind a distinct 4.3 GB installer file you can drag to any backup you need before beginning with the 36+ minute installation process.
http://roaringapps.com/apps?platform=osx offers a third party table for software compatibility. Ignore the El Capitan compatibility, as that has not been released yet. https://discussions.apple.com/docs/DOC-6271 should be
read before updating from 10.6.8 or earlier. RAW photo support for 10.7 is different from 10.8, but here is the 10.8 support link:
Mountain Lion, Mac OS X 10.8 has many of the same requirements as Lion, except those listed below:
Brother has a table that lists which Faxes work with 10.8.
Canon has released new Fax software for 10.8 and some of their printers.
Epson has a table that includes some printers as listed as Fax compatible.
HP website says the HP Fax driver ships with some of their printers, but is not specific as to which ones.
The USR 5637 modem has plug and play FAX compatibility with Mac OS X 10.4 to 10.8. FAX compatibility is one of the options available through the Print dialog together with the PDF save options in Mac OS X.
Apple has a listing of printer and scanner drivers for 10.6 through 10.9:
Any not listed, will have to come from the vendor directly.
Apple provides updates to the printers on that link through these links by vendor:
HP, Ricoh, Canon, Epson, Brother, Lexmark, Samsung, and Fuji/Xerox
The major third party Fax software vendors for Fax machines stopped supporting Mac OS X as of 10.8 on some, and 10.7 on others.
4-Sight-Fax supported 10.7, but not 10.8.
Now discontinued, Smileyourmac's PageSender stopped supporting Mac OS X after 10.6.8.
Apple has the minimum system requirements for Mountain Lion, which are the same for Mavericks, Yosemite, and El Capitan, based on their annual time schedule of model releases on http://www.apple.com/osx/specs/
Below are others means of identifying the compatibility if you completely read this tip.
At this point several places on the Net already are claiming Mountain Lion compatibility for certain software or hardware that is non-Apple.
Any announcements of Mountain Lion compatibility prior to July 25, 2012 should be treated with skepticism, and tested on a backed up system
prior to updating those entries on the Net and getting Mountain Lion either from an authorized reseller or Apple. Note: at the point of writing this
tip, no USB Flash drive is available for Mountain Lion, and it can only be gotten from Apple Mac App Store. Stay tuned!
Macs sold with different hardware in the same model name on or after July 25, 2012, may not be able to run Lion, or earlier versions of Mac OS X,
though are still able to run Windows. An older Mac may be needed to run software not yet tested with Mountain Lion. See below for resources on telling a Mac's age. Solutions for running Snow Leopard may still work.
Someone who does not have the serial number of their machine due to a logicboard replacement,
or other is desiring to purchase an older machine and wanting to know about Mountain Lion's compatibility,
will benefit by the following. The model identifier, also known as Machine ID, can be found in Apple menu -> About This Mac -> System Information or More info. The following Macs with 10.6.8 or later, 2GB of RAM, and 8 GB of hard space (presumably an additional 15% of free hard disk space will be beneficial as has always arbitrarily been found in the past) are able to upgrade to Mac OS X 10.8:
iMac 7,1 and later
MacBook 5,1 and later
MacBook Pro 3,1 and later
MacBook Air 2,1 and later
Mac Mini 3,1 and later.
Mac Pro 1,x and 2,x have two solutions in link 1 and link 2. 3,1 and later have built-in official support.
The link to get older Mac Pros to run 10.8 has been objected to by some as doing something not allowed. It does stretch the limits of
what is possible even under the license agreement, but as long as you keep the one copy of 10.8 you buy and do not distribute it to anyone else,
you have satisfied the requirements of the license agreement. Mind you the cost may be more than Mac OS X Server 10.8 or 10.7 depending on the compatibility of software and how many licenses you need to get. Read the rest of the tip to determine if your software at least is ready for 10.8.
Airdrop is compatible on 10.8 systems of the following model identifier:
MacBook Pro 5,1 and later
MacBook Air 3,1 and later
MacBook 5,1 and later
iMac 9,1 and later
Mac Mini 4,1 and later
Mac Pro 4,1 and later
Airplay mirroring is compatible on 10.8 systems of the following model identifier:
Mac Mini 5,1
MacBook Air 4,1
MacBook Pro 8,1
iMac 12,1
..Mac Pro..noticeably absent in spite of June 11, 2012's new release. If someone getting a new Mac Pro would care to comment, please feel free to.
A similar feature is available to older Macs through third party software and hardware listed on this tip.
Powernap is compatible just with these Macs:
MacBook Air 3,1
MacBook Pro 10,1 and later.
Macs whose minimum Mac OS X is 10.8 (may be able to run older versions with this hint):
MacBook Pro 10,2 or later, 10,1 Retina 2.4 Ghz, ME665LL/A EMC 2673, Retina 2.8 Ghz
Mac Mini 6,1 or later.
iMac 13,1 or later
As of 4/22/2013, no MacBook Air, nor Mac Pro could only run Mac OS X 10.8.
A very good third party resource for identifying older Macs is on EveryMac.
Tips present for Lion's release are fairly good for Mountain Lion as far as is known as of the date of this tip's posting.
Apple has a history of making Macs only compatible with the operating system available at the time of their refresh date.
10.14 Mojave is available to certain MacBook Air, Mac mini, iMac, Mac Pros and MacBook Pros which shipped with 10.8 after upgrading to 10.12 from 10.8. Note: some Mac Pros (not MacBook Pro) which shipped with 10.6, may be updated to 10.6.8 then 10.11 then to 10.14. Some MacBook Pros shipped with 10.7 that can be upgraded to Mojave after upgrading to 10.12.
Macbooks without Air or Pro next to the name need to have shipped with 10.10 or later and updated to 10.11 before installing Mojave.