Apple Introduces New Free OS X Beta Seed Program

Status
Not open for further replies.
Won't risk doing beta testing on main daily system, and don't have a spare machine. Will do a fresh install of 10.8.5 (or maybe even 10.8.6 if that comes out around when 10.9.3 is official).

It looks like 10.9x has two sets of issues: fixing buggy features/functions and updating security.


  • 4K @ 60 Hz is nice to have, can they include that in 10.8.6?
  • At the current rate, maybe when they reach 10.9.4/10.9.5 there is probably a stable OS X 10.9x system, but 10.10 might be what Windows 7 was to Windows Vista.
  • Used 10.9x Mavericks since 10.91 for semi production-critical stuff (as a rule, avoid any "xx.0" releases on mission-critical/production systems). The most annoying thing in 10.9x is that they removed sync over USB cable for their iPhone/iPad devices and mail/network stuff.
  • It looks and feels like 10.9 is a 'work in progress' for the next iteration, 10.10?, like what 10.7x was between 10.6.8 and 10.8x. The only difference is that Apple removed and then re-added functions that were already in previous versions of the OS, or apps Apple updated (Pages/Numbers/Keynote/etc.).
  • Why is Apple the only developer that has 10.9x-only (free) apps too (bad idea, but they can afford it with the pile of cash they have today), while some other developers of popular OS X apps haven't done this?
  • Guess Apple will try the same tactic in future; maybe we can see Final Cut Pro X+1, or Logic Pro as a free app only for 10.10 and above, and it won't have the same issues they have with 10.9x.

Syncing iPhone/iPad with Mavericks 10.92 over public open/secured Wi-Fi such as cafe Wi-Fi, while seeing news about NSA PRISM, etc. isn't that great, and probably a whole lot more security exploits, such as the recent update from Apple covers (http://support.apple.com/kb/HT6207) for those that depend on iCloud and similar online services.



Security Update 2014-002

Learn about Security Update 2014-002.



  • CFNetwork HTTPProtocol
    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, and OS X Mavericks 10.9.2
    Impact: An attacker in a privileged network position can obtain web site credentials
    Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines.
    CVE-ID
    CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris

  • CoreServicesUIAgent
    Available for: OS X Mavericks 10.9.2
    Impact: Visiting a maliciously crafted website or URL may result in an unexpected application termination or arbitrary code execution
    Description: A format string issue existed in the handling of URLs. This issue was addressed through additional validation of URLs. This issue does not affect systems prior to OS X Mavericks.
    CVE-ID
    CVE-2014-1315 : Lukasz Pilorz of runic.pl, Erik Kooistra

  • FontParser
    Available for: OS X Mountain Lion v10.8.5
    Impact: Opening a maliciously crafted PDF file may result in an unexpected application termination or arbitrary code execution
    Description: A buffer underflow existed in the handling of fonts in PDF files. This issue was addressed through additional bounds checking. This issue does not affect OS X Mavericks systems.
    CVE-ID
    CVE-2013-5170 : Will Dormann of CERT/CC

  • Heimdal Kerberos
    Available for: OS X Mavericks 10.9.2
    Impact: A remote attacker may be able to cause a denial of service
    Description: A reachable abort existed in the handling of ASN.1 data. This issue was addressed through additional validation of ASN.1 data.
    CVE-ID
    CVE-2014-1316 : Joonas Kuorilehto of Codenomicon

  • ImageIO
    Available for: OS X Mavericks 10.9.2
    Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution
    Description: A buffer overflow issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved bounds checking. This issue does not affect systems prior to OS X Mavericks.
    CVE-ID
    CVE-2014-1319 : Cristian Draghici of Modulo Consulting, Karl Smith of NCC Group

  • Intel Graphics Driver
    Available for: OS X Mountain Lion v10.8.5 and OS X Mavericks 10.9.2
    Impact: A malicious application can take control of the system
    Description: A validation issue existed in the handling of a pointer from userspace. This issue was addressed through additional validation of pointers.
    CVE-ID
    CVE-2014-1318 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative

  • IOKit Kernel
    Available for: OS X Mavericks 10.9.2
    Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization
    Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object.
    CVE-ID
    CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative

  • Kernel
    Available for: OS X Mavericks 10.9.2
    Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization
    Description: A kernel pointer stored in a XNU object could be retrieved from userland. This issue was addressed through removing the pointer from the object.
    CVE-ID
    CVE-2014-1322 : Ian Beer of Google Project Zero

  • Power Management
    Available for: OS X Mavericks 10.9.2
    Impact: The screen might not lock
    Description: If a key was pressed or the trackpad touched just after the lid was closed, the system might have tried to wake up while going to sleep, which would have caused the screen to be unlocked. This issue was addressed by ignoring keypresses while going to sleep. This issue does not affect systems prior to OS X Mavericks.
    CVE-ID
    CVE-2014-1321 : Paul Kleeberg of Stratis Health Bloomington MN, Julian Sincu at the Baden-Wuerttemberg Cooperative State University (DHBW Stuttgart), Gerben Wierda of R&A, Daniel Luz

  • Ruby
    Available for: OS X Mavericks 10.9.2
    Impact: Running a Ruby script that handles untrusted YAML tags may lead to an unexpected application termination or arbitrary code execution
    Description: An integer overflow issue existed in LibYAML's handling of YAML tags. This issue was addressed through additional validation of YAML tags. This issue does not affect systems prior to OS X Mavericks.
    CVE-ID
    CVE-2013-6393

  • Ruby
    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, and OS X Mavericks 10.9.2
    Impact: Running a Ruby script that uses untrusted input to create a Float object may lead to an unexpected application termination or arbitrary code execution
    Description: A heap-based buffer overflow issue existed in Ruby when converting a string to a floating point value. This issue was addressed through additional validation of floating point values.
    CVE-ID
    CVE-2013-4164

  • Security - Secure Transport
    Available for: OS X Mountain Lion v10.8.5 and OS X Mavericks 10.9.2
    Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL
    Description: In a 'triple handshake' attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker's data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. This issue does not affect Mac OS X 10.7 systems and earlier.
    CVE-ID
    CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris

  • WindowServer
    Available for: OS X Mountain Lion v10.8.5 and OS X Mavericks 10.9.2
    Impact: Maliciously crafted applications can execute arbitrary code outside the sandbox
    Description: WindowServer sessions could be created by sandboxed applications. This issue was addressed by disallowing sandboxed applications from creating WindowServer sessions.
    CVE-ID
    CVE-2014-1314 : KeenTeam working with HP's Zero Day Initiative



Last Modified: Apr 22, 2014
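
The CFNetwork HTTPProtocol entry above (CVE-2014-1296) says the fix was to ignore incomplete HTTP header lines. The sketch below is an added example, not part of the forum post and not Apple's code; it shows why a `Set-Cookie` line must be terminated before it is processed. All function names and sample bytes are constructed for illustration.

```python
# Added illustration of the CVE-2014-1296 fix; not Apple's CFNetwork code.
# All names and sample bytes below are constructed for this example.

def complete_header_lines(received):
    """Return only the lines that arrived with their terminating CRLF."""
    head, sep, _fragment = received.rpartition(b"\r\n")
    if not sep:                      # nothing was ever terminated
        return []
    return [line for line in head.split(b"\r\n") if line]

def parse_set_cookie(line):
    """Parse one header line; return a cookie dict or None."""
    name, _, value = line.partition(b":")
    if name.strip().lower() != b"set-cookie":
        return None
    parts = [p.strip() for p in value.split(b";")]
    cookie_name, _, cookie_value = parts[0].partition(b"=")
    attrs = {p.partition(b"=")[0].strip().lower() for p in parts[1:] if p}
    return {
        "name": cookie_name.decode("ascii"),
        "value": cookie_value.decode("ascii"),
        "secure": b"secure" in attrs,
        "httponly": b"httponly" in attrs,
    }

def cookies_from_response(received, ignore_incomplete=True):
    """Collect cookies from the bytes read before the connection closed."""
    if ignore_incomplete:            # behaviour after the fix
        lines = complete_header_lines(received)
    else:                            # behaviour the advisory describes as flawed
        lines = [line for line in received.split(b"\r\n") if line]
    cookies = (parse_set_cookie(line) for line in lines)
    return [c for c in cookies if c is not None]

# Constructed responses: one complete, one cut off before the attributes.
FULL = b"HTTP/1.1 200 OK\r\nSet-Cookie: sid=abc123; Secure; HttpOnly\r\n\r\n"
CUT = b"HTTP/1.1 200 OK\r\nSet-Cookie: sid=abc123"

if __name__ == "__main__":
    for label, data in (("full", FULL), ("cut", CUT)):
        print(label, "lenient:", cookies_from_response(data, False))
        print(label, "strict: ", cookies_from_response(data, True))
```

With the truncated response, the lenient path stores `sid` without `Secure` or `HttpOnly`, while the strict path stores nothing and leaves the client to retry over an intact connection.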








Users can now download and install the latest beta of OS X free through the AppleSeed beta program. Until now, Apple's betas have been licensed developer builds only, through the $99/yr Mac Developer program.

It appears as if you simply join using your Apple ID, and you can download the beta seed configuration utility. Sounds great: the more people that use the betas and give feedback, the more bug-free OS X will be.

https://appleseed.apple.com/sp/betaprogram/welcome?s=w
 
This "update" crushed my Hackintosh...

Perhaps I did something wrong?

I installed this (after using Carbon Copy Cloner to keep my hard drive in check) update last night. My system loaded into OSX 10.9.4 with no issues and as usual I lost my audio and network connections.

When I used Multibeast (The Mavericks Edition) to correct the audio and network issues I got error codes that I haven't seen before and the operating system "hung up" on boot load. After running Multibeast, the system could no longer load. I re-booted from my CCC hard drive and I am now back to 10.9.3 with everything working fine.

I'm going to try it again tomorrow, and I hope to have enough information from the users of this forum (and some good wits about me) to see the "update" through.

Please provide some words of wisdom in the comments section of this forum.
 