Recent security updates to OS X and Safari closed some significant security holes in OS X 10.7, 10.8, 10.9 and in Safari 6 and Safari 7. But it appears that support for OS X 10.6 “Snow Leopard” has been discontinued by the Cupertino firm. This update cycle included 27 patches that resolved issues allowing drive-by downloads, remote code execution (RCE), and “sandbox escape” exploits. Also included were fixes for a couple of proof-of-concept exploits demonstrated at the recent Pwn2Own 2014 competition in Vancouver:
- CVE-2014-1300: Ian Beer of Google Project Zero working with HP’s Zero Day Initiative
- CVE-2014-1303: KeenTeam working with HP’s Zero Day Initiative
For more information about what was and WASN’T included, see the article on Sophos.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com