Apple’s OS X 10.8.5 Supplemental Update 1.0 is now available as a software update that fixes a Directory Services flaw related to password validation. Available for OS X Mountain Lion 10.8 to 10.8.5, the update closes a vulnerability (CVE-2013-5163) in which a local attacker could bypass password validation due to a logic issue that existed in the Directory Services verification of authentication credentials.
The supplemental update contains the following security related bug fixes:
CVE-2013-5163 : A local user may modify Directory Services records with system privileges. A logic issue existed in Directory Service’s verification of authentication credentials allowing a local attacker to bypass password validation. The issue was addressed through improved credential validation.
In addition to addressing the security flaw, this update comes with the following bug fixes:
The OS X 10.8.5 Supplemental Update is recommended for all users running OS X Mountain Lion v10.8.5. You can update through Apple’s Software Update tool by choosing Apple menu > Software Update, or you can go directly to Apple’s Software Downloads page and get the update from there.