Details:.This system can run the last version of OS X 10.8 'Mountain Lion', OS X 10.9 'Mavericks', OS X 10.10 'Yosemite' and OS X 10.11 'El Capitan' - if upgraded to at least 2 GB of RAM, including booting in 64-bit mode. The new Find My app combines Find My iPhone and Find My Friends into a single, easy-to-use app that's now available on the Mac. Use it to locate your friends and family, share your location, and find missing devices—even if they're offline. Apr 24, 2019 Mac OS X Lion 10.7.2 dmg for mac free. download full version. Mac OS X Lion 10.7.2 offline installer complete setup for mac OS with direct link. Description Mac OS X Lion 10.7.2 Dmg For Mac + Overview. Among exclusive mac OS x releases, mac OS x lion is a broadly used running system. Supplying stability, safety and better compatibility features.
OS X Mountain Lion v10.8.3 and Security Update 2013-001 can be downloaded and installed via Software Update preferences, or from Apple Downloads.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see 'How to use the Apple Product Security PGP Key.'
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other Security Updates, see 'Apple Security Updates'.
Note: OS X Mountain Lion v10.8.3 includes the content of Safari 6.0.3. For further details see About the security content of Safari 6.0.3.
OS X Mountain Lion v10.8.3 and Security Update 2013-001
Apache
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials
Description: A canonicalization issue existed in the handling of URIs with ignorable Unicode character sequences. This issue was addressed by updating mod_hfs_apple to forbid access to URIs with ignorable Unicode character sequences.
CVE-ID
CVE-2013-0966 : Clint Ruoho of Laconic Security
CoreTypes
Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically even if the Java plug-in is disabled
Description: Java Web Start applications would run even if the Java plug-in was disabled. This issue was addressed by removing JNLP files from the CoreTypes safe file type list, so the Web Start application will not be run unless the user opens it in the Downloads directory.
CVE-ID
CVE-2013-0967
International Components for Unicode
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: A canonicalization issue existed in the handling of the EUC-JP encoding, which could lead to a cross-site scripting attack on EUC-JP encoded websites. This issue was addressed by updating the EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Identity Services
Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Authentication relying on certificate-based Apple ID authentication may be bypassed
Description: An error handling issue existed in Identity Services. If the user's AppleID certificate failed to validate, the user's AppleID was assumed to be the empty string. If multiple systems belonging to different users enter this state, applications relying on this identity determination may erroneously extend trust. This issue was addressed by ensuring that NULL is returned instead of an empty string.
CVE-ID
CVE-2013-0963
ImageIO
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of TIFF images. This issue was addressed through additional validation of TIFF images.
CVE-ID
Wd passport 1tb for mac. When the Finder window opens, on the menu bar, select ‘Go' and then ‘Utilities.' After that, you will be able to see /Applications/Utilities folder in Finder. From the Utilities folder window, select ‘Disk Utility' application.
CVE-2012-2088
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted image may lead to an unexpected system termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of graphics data. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-0976 : an anonymous researcher
Kernel
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them.
CVE-ID
CVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square, and additional anonymous researchers
Login Window
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: An attacker with keyboard access may modify the system configuration
Description: A logic error existed in VoiceOver's handling of the Login Window, whereby an attacker with access to the keyboard could launch System Preferences and modify the system configuration. This issue was addressed by preventing VoiceOver from launching applications at the Login Window.
CVE-ID
CVE-2013-0969 : Eric A. Schulman of Purpletree Labs
Mac Os X Sierra
Messages
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: Clicking a link from Messages may initiate a FaceTime call without prompting
Description: Clicking on a specifically-formatted FaceTime:// URL in Messages could bypass the standard confirmation prompt. This issue was addressed by additional validation of FaceTime:// URLs.
CVE-ID
CVE-2013-0970 : Aaron Sigel of vtty.com
Messages Server
Available for: Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may reroute federated Jabber messages
Description: An issue existed in the Jabber server's handling of dialback result messages. An attacker may cause the Jabber server to disclose information intended for users of federated servers. This issue was addressed through improved handling of dialback result messages.
CVE-ID
CVE-2012-3525
PDFKit
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of ink annotations in PDF files. This issue was addressed through improved memory management.
CVE-ID
CVE-2013-0971 : Tobias Klein working with HP TippingPoint's Zero Day Initiative
Podcast Producer Server
Available for: Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Podcast Producer Server.
Clover for mac os x. CVE-ID
CVE-2013-0156
Podcast Producer Server
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of JSON data. This issue was addressed by switching to using the JSONGem backend for JSON parsing in the Rails implementation used by Podcast Producer Server.
CVE-ID
CVE-2013-0333
PostgreSQL
Available for: Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5
Impact: Multiple vulnerabilities in PostgreSQL
Description: PostgreSQL was updated to version 9.1.5 to address multiple vulnerabilities, the most serious of which may allow database users to read files from the file system with the privileges of the database server role account. Further information is available via the PostgreSQL web site at http://www.postgresql.org/docs/9.1/static/release-9-1-5.html
CVE-ID
CVE-2012-3488
CVE-2012-3489
Profile Manager
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Profile Manager.
CVE-ID
CVE-2013-0156
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2012-3756 : Kevin Szkudlapski of QuarksLab
Ruby
Available for: Mac OS X Server 10.6.8
Impact: A remote attacker may be able to cause arbitrary code execution if a Rails application is running
Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling YAML and symbols in XML parameters in Rails.
CVE-ID
CVE-2013-0156
Security
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly issued by TURKTRUST. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue was addressed by not allowing the incorrect SSL certificates.
Software Update
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5
Impact: An attacker with a privileged network position may be able to cause arbitrary code execution
Description: Software Update allowed a man in the middle attacker to insert plugin content into the marketing text displayed for updates. This may allow the exploitation of a vulnerable plugin, or facilitate social engineering attacks involving plugins. This issue does not affect OS X Mountain Lion systems. This issue was addressed by preventing plugins from being loaded in Software Update's marketing text WebView.
CVE-ID
CVE-2013-0973 : Emilio Escobar
Wiki Server
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Wiki Server.
CVE-ID
CVE-2013-0156
Apple Id For Mac Os X Lion 10.8
Wiki Server
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of JSON data. This issue was addressed by switching to using the JSONGem backend for JSON parsing in the Rails implementation used by Wiki Server.
CVE-ID
CVE-2013-0333
Apple Mac Os X Information
Malware removal
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Description: This update runs a malware removal tool that will remove the most common variants of malware. If malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.
To learn about other Security Updates, see 'Apple Security Updates'.
Note: OS X Mountain Lion v10.8.3 includes the content of Safari 6.0.3. For further details see About the security content of Safari 6.0.3.
OS X Mountain Lion v10.8.3 and Security Update 2013-001
Apache
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentials
Description: A canonicalization issue existed in the handling of URIs with ignorable Unicode character sequences. This issue was addressed by updating mod_hfs_apple to forbid access to URIs with ignorable Unicode character sequences.
CVE-ID
CVE-2013-0966 : Clint Ruoho of Laconic Security
CoreTypes
Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Visiting a maliciously crafted website could allow a Java Web Start application to be launched automatically even if the Java plug-in is disabled
Description: Java Web Start applications would run even if the Java plug-in was disabled. This issue was addressed by removing JNLP files from the CoreTypes safe file type list, so the Web Start application will not be run unless the user opens it in the Downloads directory.
CVE-ID
CVE-2013-0967
International Components for Unicode
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: A canonicalization issue existed in the handling of the EUC-JP encoding, which could lead to a cross-site scripting attack on EUC-JP encoded websites. This issue was addressed by updating the EUC-JP mapping table.
CVE-ID
CVE-2011-3058 : Masato Kinugawa
Identity Services
Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Authentication relying on certificate-based Apple ID authentication may be bypassed
Description: An error handling issue existed in Identity Services. If the user's AppleID certificate failed to validate, the user's AppleID was assumed to be the empty string. If multiple systems belonging to different users enter this state, applications relying on this identity determination may erroneously extend trust. This issue was addressed by ensuring that NULL is returned instead of an empty string.
CVE-ID
CVE-2013-0963
ImageIO
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of TIFF images. This issue was addressed through additional validation of TIFF images.
CVE-ID
Wd passport 1tb for mac. When the Finder window opens, on the menu bar, select ‘Go' and then ‘Utilities.' After that, you will be able to see /Applications/Utilities folder in Finder. From the Utilities folder window, select ‘Disk Utility' application.
CVE-2012-2088
IOAcceleratorFamily
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted image may lead to an unexpected system termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of graphics data. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-0976 : an anonymous researcher
Kernel
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: Maliciously crafted or compromised applications may be able to determine addresses in the kernel
Description: An information disclosure issue existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection. This issue was addressed by unsliding the addresses before returning them.
CVE-ID
CVE-2012-3749 : Mark Dowd of Azimuth Security, Eric Monti of Square, and additional anonymous researchers
Login Window
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: An attacker with keyboard access may modify the system configuration
Description: A logic error existed in VoiceOver's handling of the Login Window, whereby an attacker with access to the keyboard could launch System Preferences and modify the system configuration. This issue was addressed by preventing VoiceOver from launching applications at the Login Window.
CVE-ID
CVE-2013-0969 : Eric A. Schulman of Purpletree Labs
Mac Os X Sierra
Messages
Available for: OS X Mountain Lion v10.8 to v10.8.2
Impact: Clicking a link from Messages may initiate a FaceTime call without prompting
Description: Clicking on a specifically-formatted FaceTime:// URL in Messages could bypass the standard confirmation prompt. This issue was addressed by additional validation of FaceTime:// URLs.
CVE-ID
CVE-2013-0970 : Aaron Sigel of vtty.com
Messages Server
Available for: Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may reroute federated Jabber messages
Description: An issue existed in the Jabber server's handling of dialback result messages. An attacker may cause the Jabber server to disclose information intended for users of federated servers. This issue was addressed through improved handling of dialback result messages.
CVE-ID
CVE-2012-3525
PDFKit
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of ink annotations in PDF files. This issue was addressed through improved memory management.
CVE-ID
CVE-2013-0971 : Tobias Klein working with HP TippingPoint's Zero Day Initiative
Podcast Producer Server
Available for: Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Podcast Producer Server.
Clover for mac os x. CVE-ID
CVE-2013-0156
Podcast Producer Server
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of JSON data. This issue was addressed by switching to using the JSONGem backend for JSON parsing in the Rails implementation used by Podcast Producer Server.
CVE-ID
CVE-2013-0333
PostgreSQL
Available for: Mac OS X Server 10.6.8, OS X Lion Server v10.7 to v10.7.5
Impact: Multiple vulnerabilities in PostgreSQL
Description: PostgreSQL was updated to version 9.1.5 to address multiple vulnerabilities, the most serious of which may allow database users to read files from the file system with the privileges of the database server role account. Further information is available via the PostgreSQL web site at http://www.postgresql.org/docs/9.1/static/release-9-1-5.html
CVE-ID
CVE-2012-3488
CVE-2012-3489
Profile Manager
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Profile Manager.
CVE-ID
CVE-2013-0156
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of 'rnet' boxes in MP4 files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2012-3756 : Kevin Szkudlapski of QuarksLab
Ruby
Available for: Mac OS X Server 10.6.8
Impact: A remote attacker may be able to cause arbitrary code execution if a Rails application is running
Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling YAML and symbols in XML parameters in Rails.
CVE-ID
CVE-2013-0156
Security
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information
Description: Several intermediate CA certificates were mistakenly issued by TURKTRUST. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue was addressed by not allowing the incorrect SSL certificates.
Software Update
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5
Impact: An attacker with a privileged network position may be able to cause arbitrary code execution
Description: Software Update allowed a man in the middle attacker to insert plugin content into the marketing text displayed for updates. This may allow the exploitation of a vulnerable plugin, or facilitate social engineering attacks involving plugins. This issue does not affect OS X Mountain Lion systems. This issue was addressed by preventing plugins from being loaded in Software Update's marketing text WebView.
CVE-ID
CVE-2013-0973 : Emilio Escobar
Wiki Server
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of XML parameters. This issue was addressed by disabling XML parameters in the Rails implementation used by Wiki Server.
CVE-ID
CVE-2013-0156
Apple Id For Mac Os X Lion 10.8
Wiki Server
Available for: OS X Lion Server v10.7 to v10.7.5
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A type casting issue existed in Ruby on Rails' handling of JSON data. This issue was addressed by switching to using the JSONGem backend for JSON parsing in the Rails implementation used by Wiki Server.
CVE-ID
CVE-2013-0333
Apple Mac Os X Information
Malware removal
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2
Description: This update runs a malware removal tool that will remove the most common variants of malware. If malware is found, it presents a dialog notifying the user that malware was removed. There is no indication to the user if malware is not found.
FaceTime is not available in all countries or regions.