Security News

Apple’s OS X 10.8.5 Supplemental Update 1.0 is now available as a software update that fixes a Directory Services flaw related to password validation. Available for OS X Mountain Lion 10.8 to 10.8.5, the update closes a vulnerability (CVE-2013-5163) in which a local attacker could bypass password validation due to a logic issue that existed in the Directory Services verification of authentication credentials.

The supplemental update contains the following security related bug fixes:

CVE-2013-5163 : A local user may modify Directory Services records with system privileges. A logic issue existed in Directory Service’s verification of authentication credentials allowing a local attacker to bypass password validation. The issue was addressed through improved credential validation.

In addition to addressing the security flaw, this update comes with the following bug fixes:

• Resolves an issue that may prevent certain applications from using the FaceTime HD camera on mid-2013 MacBook Air systems
• Fixes an issue that may cause external drives to be ejected after the computer goes to sleep
• Addresses an issue that may prevent HDMI audio from working after waking from sleep
• Fixes an issue that may prevent certain USB Bluetooth adapters from working

The OS X 10.8.5 Supplemental Update is recommended for all users running OS X Mountain Lion v10.8.5. You can update through Apple’s Software Update tool by choosing Apple menu > Software Update, or you can go directly to Apple’s Software Downloads page and get the update from there.