Apple + Security News

Apple releases Mac OS X 10.9.3, but offers scant information on improvements

Posted on by

Today Apple has released a new version of its desktop operating system, OS X 10.9.3, but offered the barest of details regarding what the minor update actually fixed.

Mac OS  X 10.9.3 update

The OS X Mavericks 10.9.3 Update is recommended for all Mavericks users. It improves the stability, compatability, and security of your Mac.

This update:

* Improves 4K display support on Mac Pro (Late 2013) and MacBook Pro with 15-inch Retina Display (Late 2013)
* Adds the ability to sync contacts and calendars between a Mac and iOS device using a USB connection
* Improves the reliability of VPN connection using IPsec
* Includes Safari 7.03

Sure, it’s great (for those few people with 4K displays) that they’ll get snazzier looking images.

And I’m delighted for those people still in the dark ages and want to sync their Mac and iOS calendars and address books via a USB connection rather than this thing called the Internet. (Apparently this feature was available in OS X pre-Mavericks, so I suppose some people must have a reason to use it.)

But what I’m really interested in is whether Mac OS X 10.9.3 fixes any security issues. And, in particular, whether in this version of its desktop operating system Apple has fixed vulnerabilities that still remain in its mobile iOS platform.

That was the problem brought to light a few weeks ago, when Apple issued fixes in iOS 7.1.1 that had been previously fixed in the OS X version of Safari a full three weeks earlier.

As I wrote at the time:

“Every time Apple treats its smartphone and tablet customers as poor relations when it comes to security, they are putting millions of users at risk.”

Apple’s knowledgebase claims OS X Mavericks 10.9.3 “includes the security content of Security Update 2014-002.” Good to know, but that was the security update Cupertino issued back on April 22nd. So anyone who has been keeping on top of their Apple Mac security will have already (hopefully) applied that.

Is there nothing else in the way of security?

In hope of an answer, I re-read Apple’s description of the update:

Security information link

For detailed information about the security content of this update please visit: http://support.apple.com/kb/HT1222

As you can see, Apple provides a link for further information about the update’s security content. But guess what? At the time of writing, if you click on the link you’ll find nothing. As normal, Apple is dragging its heels about posting information about the nature of this security update – leaving the very people who are perhaps keenest to make informed decisions about the importance of updating sooner rather than later in the dark.

Hopefully in a few hours, Apple will actually post some more information about the security-related content in this update for those people who are interested.

But I find it astonishing to believe that a company which prides itself on slick launches and presentation fails every time to release security information in a co-ordinated fashion.

I would like to think that the only true security updates (beyond the improved VPN support for those with IPsec connections) in OS X 10.9.3 are those already covered by Security Update 2014-002 last month. But, because they have dawdled in releasing information, I’m somewhat left in the dark.

If you believe you know, definitively, what security issues Mac OS X 10.9.3 fixes, or if you have an opinion on how Apple releases security updates – why not leave a comment below?

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley. View all posts by Graham Cluley →