Recent security updates to OS X and Safari closed some significant security holes in OS X 10.7, 10.8, 10.9 and Safari 6 and Safari 7. But it appears that support for OS X 10.6 “Snow Leopard” has been discontinued by the Cupertino firm. This update cycle included 27 patches that resolved issues that allowed drive-by downloads, remote code execution (RCE), and “sandbox escape” exploits. Also included were fixes for a couple of proof-of-concept exploits from the recent Pwn2Own 2014 competition in Vancouver:
- CVE-2014-1300: Ian Beer of Google Project Zero working with HP’s Zero Day Initiative
- CVE-2014-1303: KeenTeam working with HP’s Zero Day Initiative
For more information about what was and WASN’T included, see the article on Sophos.