Apple + Security & Privacy + Security News

Apple issued updates to OS X 10.7 Lion and to the Safari web browser yesterday, fixing bugs and patching a number of security vulnerabilities. The company also released a security update for Mac OS X 10.6 Snow Leopard.

The OS X 10.7.4 update fixes 35 flaws, ranging from Time Machine and PHP to QuickTime and Bluetooth. Many of these fixes also apply to Security Update 2012-002 for Mac OS X Snow Leopard. This update is either 370 MB or 730 MB, depending on which model Mac you have.

This update notably fixed a FileVault bug that could expose user passwords which we recently reported on. Apple also offered detailed instructions on how to remove the file that contains passwords. If you were using FileVault since before OS X Lion, you should follow those instructions.

After users run the 10.7.4 update, Software Update will run and prompt them to download and install a new version of Safari. (If Software Update doesn’t open, you should run it by choosing Software Update from the Apple menu.) Version 5.1.7 of the web browser fixes four vulnerabilities, but also checks the current version of the Adobe Flash plugin. It then:

disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.

Users who wish to reinstall a disabled version of Flash Player can do so by following Apple’s instructions, but they would be much better off downloading a new version immediately from the Adobe web site.

More information about this update is available here (for the OS X update) and here (for the Safari update).