Apr 29, 2016 Mac OS X v10.6.6 or later to install via the Mac App Store (v10.6.8 recommended) 7 GB of available disk space. To install OS X 10.8 Mountain Lion, 10.9 Mavericks (currently unavailable) or OS X 10.10 Yosemite.you need one of these Macs: OS X 10.8 Mountain Lion purchased emailed download code here.
These can be downloaded and installed via Software Update preferences, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see 'How to use the Apple Product Security PGP Key.'
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see 'Apple Security Updates'.
OS X Mountain Lion v10.8.5 and Security Update 2013-004
- ApacheAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4Impact: Multiple vulnerabilities in ApacheDescription: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.24.CVE-IDCVE-2012-0883CVE-2012-2687CVE-2012-3499CVE-2012-4558
- BindAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4Impact: Multiple vulnerabilities in BINDDescription: Multiple vulnerabilities existed in BIND, the most serious of which may lead to a denial of service. These issues were addressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not affect Mac OS X v10.7 systems.CVE-IDCVE-2012-3817CVE-2012-4244CVE-2012-5166CVE-2012-5688CVE-2013-2266
- Certificate Trust PolicyAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4Impact: Root certificates have been updatedDescription: Several certificates were added to or removed from the list of system roots. The complete list of recognized system roots may be viewed via the Keychain Access application.
- ClamAVAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5Impact: Multiple vulnerabilities in ClamAVDescription: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.97.8.CVE-IDCVE-2013-2020CVE-2013-2021
- CoreGraphicsAvailable for: OS X Mountain Lion v10.8 to v10.8.4Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code executionDescription: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking.CVE-IDCVE-2013-1025 : Felix Groebert of the Google Security Team
- ImageIOAvailable for: OS X Mountain Lion v10.8 to v10.8.4Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code executionDescription: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking.CVE-IDCVE-2013-1026 : Felix Groebert of the Google Security Team
- InstallerAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4Impact: Packages could be opened after certificate revocationDescription: When Installer encountered a revoked certificate, it would present a dialog with an option to continue. The issue was addressed by removing the dialog and refusing any revoked package.CVE-IDCVE-2013-1027
- IPSecAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4Impact: An attacker may intercept data protected with IPSec Hybrid AuthDescription: The DNS name of an IPSec Hybrid Auth server was not being matched against the certificate, allowing an attacker with a certificate for any server to impersonate any other. This issue was addressed by properly checking the certificate.CVE-IDCVE-2013-1028 : Alexander Traud of www.traud.de
- KernelAvailable for: OS X Mountain Lion v10.8 to v10.8.4Impact: A local network user may cause a denial of serviceDescription: An incorrect check in the IGMP packet parsing code in the kernel allowed a user who could send IGMP packets to the system to cause a kernel panic. The issue was addressed by removing the check.CVE-IDCVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC.
- Mobile Device ManagementAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4Impact: Passwords may be disclosed to other local usersDescription: A password was passed on the command-line to mdmclient, which made it visible to other users on the same system. The issue was addressed by communicating the password through a pipe.CVE-IDCVE-2013-1030 : Per Olofsson at the University of Gothenburg
- OpenSSLAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4Impact: Multiple vulnerabilities in OpenSSLDescription: Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to disclosure of user data. These issues were addressed by updating OpenSSL to version 0.9.8y.CVE-IDCVE-2012-2686CVE-2013-0166CVE-2013-0169
- PHPAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4Impact: Multiple vulnerabilities in PHPDescription: Multiple vulnerabilities existed in PHP, the most serious of which may lead to arbitrary code execution. These issues were addressed by updating PHP to version 5.3.26.CVE-IDCVE-2013-1635CVE-2013-1643CVE-2013-1824CVE-2013-2110
- PostgreSQLAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4Impact: Multiple vulnerabilities in PostgreSQLDescription: Multiple vulnerabilities exist in PostgreSQL, the most serious of which may lead to data corruption or privilege escalation. CVE-2013-1901 does not affect OS X Lion systems. This update addresses the issues by updating PostgreSQL to version 9.1.9 on OS X Mountain Lion systems, and 9.0.4 on OS X Lion systems.CVE-IDCVE-2013-1899CVE-2013-1900CVE-2013-1901
- Power ManagementAvailable for: OS X Mountain Lion v10.8 to v10.8.4Impact: The screen saver may not start after the specified time periodDescription: A power assertion lock issue existed. This issue was addressed through improved lock handling.CVE-IDCVE-2013-1031
- QuickTimeAvailable for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code executionDescription: A memory corruption issue existed in the handling of 'idsc' atoms in QuickTime movie files. This issue was addressed through additional bounds checking.CVE-IDCVE-2013-1032 : Jason Kratzer working with iDefense VCP
- Screen LockAvailable for: OS X Mountain Lion v10.8 to v10.8.4Impact: A user with screen sharing access may be able to bypass the screen lock when another user is logged inDescription: A session management issue existed in the screen lock's handling of screen sharing sessions. This issue was addressed through improved session tracking.CVE-IDCVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sébastien Stormacq
- sudoAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4Impact: An attacker with control of an admin user's account may be able to gain root privileges without knowing the user's passwordDescription: By setting the system clock, an attacker may be able to use sudo to gain root privileges on systems where sudo has been used before. On OS X, only admin users can change the system clock. This issue was addressed by checking for an invalid timestamp.CVE-IDCVE-2013-1775
- Note: OS X Mountain Lion v10.8.5 also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit.
Last Updated: 16 January 2013 These release notes cover the following topics: Key FeaturesVMware Horizon View Client for Mac OS X makes it easy to access your Windows virtual desktop from your Mac with the best possible user experience on the Local Area Network (LAN) or across a Wide Area Network (WAN).
Horizon View Client Feature Support Matrix
What's New in This ReleaseThis release of VMware Horizon View Client for Mac OS X includes the following new feature:
InternationalizationThe user interface and documentation for Horizon View Client are available in English, Japanese, French, German, Simplified Chinese, Traditional Chinese, and Korean. Before You Begin
Resolved IssuesResolved in Horizon View Client 2.3.x
Resolved in Horizon View Client 2.2.x
Resolved in Horizon View Client 2.1.x
Resolved in Horizon View Client 2.0.x
Known Issues
|