Critical Infrastructure Security, Patch/Configuration Management, Vulnerability Management

Apple updates Snow Leopard, preps for Lion

Apple on Thursday released an update to Mac OS X Snow Leopard (10.6), closing multiple vulnerabilities that could allow an attacker to run malicious code on an affected system.

The update, Mac OS X 10.6.8, fixes approximately three dozen flaws affecting Snow Leopard and Snow Leopard Server that could allow an attacker to execute arbitrary code, disclose sensitive information or cause a denial-of-service condition, Apple said in its advisory.

This is likely the last feature update for Snow Leopard, first released in August 2009, according to Mac security firm Intego. Going forward, Apple is expected to issue security-only updates for Snow Leopard because the next major version of the Mac OS X, Lion 10.7, is scheduled to be released next month.

The Cupertino, Calif. computing giant plans to offer Lion in July through its App Store for $30. Thursday's Snow Leopard update includes unspecified changes to the Mac App Store to get systems ready for the upgrade, Apple said.

The Snow Leopard update also identifies and removes all known variants of MacDefender malware, a rogue anti-virus program that has been spreading through poisoned Google image search results since last month, Apple said in its release notes.

According to Apple's advisory, the update fixes bugs in multiple operating system components, including AirPort, the App Store, CoreGraphics, FTP server, MySQL and OpenSSL.

Apple on Thursday also released a security-only update for Mac OS X Leopard (10.5), fixing many of the same issues as the Snow Leopard update.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.