Safari Update For Mac 10.8.5

I’m calling it a security update, though it’s officially a full-on point release of OS X Mountain Lion, taking the 10.8 variant of Apple’s OS X to version 10.8.5.

But with twice as many security fixes listed as regular bug fixes and improvements, I’m happy to call it a “security update,” if only in the hope you’ll feel a bit more urgency about deploying it.

There are 15 official security patches, one fix that Apple has appended to the list without explicitly admitting that it was a security issue, and one bonus patch that is mentioned on Apple’s website but not in its emailed security advisory.

I’ll start with the free bonus patch, because I’m delighted it’s happened and I think you should know about it.

The infamous sudo privilege escalation, documented and patched by sudo itself back in February and pointedly exposed on OS X by Metasploit last month, is no more.

Confusingly, if you run sudo -V to check the version number, you might get the impression it hasn’t been updated, since 1.7.4p6a has the same core version string as the version shipped with 10.8.4 (1.7.4p6).

Mac 10.8.5 safari free download for mac (page 2) - Xmarks for Safari 1.3.5: Your favorite bookmarks anywhere in Safari, and much more programs. A Google search box is a standard component of the Safari interface, as are software services which automatically fill out Web forms and spell-check entries into web page text fields. This wikiHow teaches you how to update Safari and get rid of the 'This version of Safari is no longer supported' messages. If you're using a Mac with OS X 10.5 (Leopard) or older, you must first purchase a copy of OS X 10.6 (Snow Leopard) and install it on your Mac before you'll be able to update Safari.

Nevertheless, the sudo binary has been updated, and in my tests, the privilege escalation bug had vanished.

Until 10.8.4, doing a sudo -k (which is supposed to deauthenticate you, and thus does not require a password), followed by setting the time to just after midnight on 01 Jan 1970, would give you root access.

In 10.8.5, it does not.

Presumably, Apple yielded to public pressure to fix this long-running hole, but, instead of taking all the sudo changes from the past few months, just backported the sudo -k fix to version 1.7.4p6, a much less risky change.

Moving up the list, the not-a-security-fix I mentioned above is included, almost as an afterthought, as follows:

OS X Mountain Lion v10.8.5 also addresses an issue where certain Unicode strings could cause applications to unexpectedly terminate.

That’s the bug we decribed as “only six characters from a crash.”

Although it probably deserved to be called a denial of service rather than merely “an issue,” it was indeed more of an annoyance than a vehicle for cybercrooks.

At any rate, it’s good to see it patched quickly.

Other significant patches include potential remote code execution holes in:

JBIG2 decompression in PDF files by the CoreGraphics library.
JPEG2000 decompression in PDF files by the ImageIO component.
The web programming system PHP.
The handling of QuickTime movies by QuickTime.

If you’re an OS X user, you may have been unaware that PHP was installed at all, since it is usually considered a server-side component.

But it is present, and it was vulnerable, although it isn’t enabled by default, even if you turn on OS X’s built-in Apache web server.

PHP isn’t the only server-flavoured component to receive security attention in 10.8.5, with fixes also shipped for the following applications usually found on servers:

The Apache webserver. (Cross-site scripting.)
The name server Bind. (Denial of service.)
The database server PostgreSQL. (Privilege escalation.)

For users on the still-supported earlier versions of OS X, namely Snow Leopard (10.6) and Lion (10.7), the latest fixes come as Security Update 2013-004, rather than as a point release.

The list of fixes for 10.6 and 10.7 is similar to the list for 10.8.5, with the addition of a remote code execution flaw in ClamAV. (ClamAV is not part of the OS X 10.8 distribution.)

Safari Update For Mac 10.6

Also, the oldest supported OS X version, 10.6, gets a separate update for a remote code execution hole in Safari, which moves to version 5.1.10.

Neither Lion nor Mountain Lion need or receive this fix, as they are on Safari 6.

Safari Update For Mac 10.9.5

As usual, you can grab Apple’s updates by simply clicking on the Apple Menu and choosing Software Update… or by downloading them as DMG files from Apple’s download site.

Some useful pages on Apple’s site include:

HT5880: Security content of 10.8.5 and 2013-004.
HT5921: Security content of Safari 5.1.10.
DL1675: OS X Mountain Lion Update v10.8.5. [From 10.8.4 only, 273MB.]
DL1676: OS X Mountain Lion Update v10.8.5 (Combo). [From any 10.8, 831MB.]
DL1677: Security Update 2013-004 (Lion). [113MB.]
DL1678: Security Update 2013-004 (Snow Leopard). [331MB.]
DL1569: Safari 5.1.10 for Snow Leopard. [48MB.]

To conclude, even though Macs don’t get malware (only kidding!), Apple has updated its plugin blocker following Adobe’s latest Patch Tuesday.

Safari will now refuse to use Flash plugins earlier than 11.8.800.94.

Safari Update For Mac 10.8.5

That doesn’t force you to be bang up to date with Flash – the September Patch Tuesday introduced 11.8.800.168 to fix remote code execution holes in the 11.8.800.94 – but ensuring you are at the latest-but-one is at least a start.

Happy patching!

(I did my 10.8.5 update early this morning: it may be only half a day, but so far, so good.)

Safari Update For Mac Os X

Macintosh sites
A-E F-NO-ZMac OS X

Download my résumé as a Word compressed zip file and Adobe Acrobat. My freelance availability calendar is also available. Tech support jobs.

advanced

If you need technical support for issues after reading this FAQ, please visit my Tech Support page, where I offer fee based support.

Note: this page was formerly on the Mac OS X speed FAQ
This page was started as a one stop resource for many Apple compatible web browsers. In an effort to make it easier to find out why certain websites won't work on your Mac.

A user tip on Apple Support Communities was added on 3/26/2021 by me to address current browsers for Macs.

It is divided into these sections:

References for coding websites

Many websites may not be totally compatible with any of those web browsers, but that's because their webmasters (the commonly used term for the programmer of a webpage) neglect to follow WWW Consortium Standards. You should write the webmaster of any website that doesn't follow those standards and let them know that the web is more than just for Windows users, and that following those standards will help their web pages be more accessible. First off, those who can't afford another operating system, can now see their website as viewed from nearly every browser on the planet at Browsershots.org.
A great page on helping webmasters become more crossbrowser compatible is Anybrowser.org. Others include Webstandards.org, and Webmonkey.
Mac users may be interested in Pure-Mac's Editors - Software for Macintosh for a variety of webpage editors for the Mac
Meanwhile if the webmaster doesn't respond, here are links to all the major web browsers for the Mac and tools to make them work more efficiently. In addition to requesting webmasters to make websites more compatible, let the authors of the web browsers know when a website doesn't work. Below the table below are Java updates.
The contact link to the various web browser authors is in the table below next to each web browser:

Browser name with download link	PowerPC and/or Mac OS 9 version	Contact/feedback link
Older versions included on earlier updates for Mac upgrades may not work as well as current browsers available for them. A history of security updates also covers when Safari was updated. Safari 11.1.2 is available for 10.11.6. Wikipedia lists the latest Safari version, and which operating system can use it Safari 11.1 is in 10.13.4. Safari 9.1.2 is on 10.11.6's last security update that came out simultaneously with 10.13.4. Safari 9.0 ships with Mac OS X 10.11, and version 9.1 is available for 10.9, 10.10, and 10.11 through Software updates for the operating systems combined with the the security update, and the Safari update through the App Store. 10.10.4 for instance can't get Safari 9.1, but Mac OS X 10.9.5 and 10.10.5 can, and it must be installed separately from the security update unless you install all the updates for the operating system together including remote desktop and other updates which may not be needed by you. Other browsers such as Chrome and Firefox are not as sensitive to the operating system. Safari 8.0.8 ships with Mac OS X 10.10.5 Safari 8.0.7 ships with Mac OS X 10.10.4 Safari 7.0.5 ships with Mac OS X 10.9.4. Safari 7 ships with Mac OS X 10.9. Safari 6.0.5 is part of Mac OS X 10.8.5. Safari 6.0 ships with Mac OS X 10.8 Mountain Lion. Safari Safari 6 for Mac OS X 10.7, and Safari 5 for Mac OS X 10.6 are being kept up to date. Safari 5.1.6 came out with 10.7.4. In 10.7.3 and 10.6.8 it is 5.1.5. Safari 5.1.2 is available in Mac OS X 10.7.2, and 10.6.8 from Apple for 10.6.8 only. Version 5.0.4 is included with 10.6.7. Safari 5.0 is included with 10.6.4, however requires 10.5.8, and 10.6.2 or later on Apple's website. Note, version 5.0.2 has reportedly had issues with some computers slowing downloads of updates. 5.0.3 appears to have fixed the problem for some, as well as issues with the download speed of . Version 4.0.5 could also run on 10.6.2. Version 4.0.4 shipped with Mac OS X 10.6.2. Version 4.0.3 came with 10.6 and 10.6.1. Version 4.0.2 was included with 10.5.8. Safari 3.2.3 is also available for 10.5.7, 10.4.11 (no longer available as English download), Windows XP and Vista (version no longer stored at Apple). Version 3.2.1 was available for 10.5.5. Version 3.0.4 was included with 10.4.11, and 10.5, 10.5.1, and 10.5.2. Version 3.1 and later include a 'Develop menu' in the Safari menu -> Preferences -> Advanced that allows Safari to spoof a website into thinking it is a different web browser. Prior versions (3.0.4 and earlier), read about enabling the Debug menu. If you want to explore the command line via Applications -> Utilities -> Terminal, you can enable the Debug menu that the previously available software Safari Enhancer does offer you a User Agent menuitem to cloak itself as a different web browser (I'm not sure which versions this works on since I haven't tested it on all): defaults write com.apple.Safari IncludeDebugMenu 1 Nagarabrowser (original source no longer exists) gives Safari a kiosk mode. With the 10.3.9 update it has been reported that several third party addons such as Saft and Acid Search will need updates. The March 2005 security update fixes Java issues on Safari, and if you applied the 10.3.9 delta update, applying the 10.3.9 combined update will often fix issues. See my Upgrade FAQ for more on how to apply updates without running into issues such as these.	Version 1.1.1 and later are only available as part of Apple's Mac OS X 10.3. Older versions of Safari are only available in non-English varieties from Apple: Version 1.3.2 is available for 10.3.9. Version 2.0 is current as of Mac OS X 10.4, and 2.0.1 is available for 10.4.2)*, and 2.0.4 is available when you upgrade Mac OS X 10.4 to 10.4.7 through 10.4.10. Safari is also available for 10.5.7, 10.4.11, Windows XP and Vista. Version 3.2.1 was available for 10.5.5. Version 3.0.4 was included with 10.4.11, and 10.5, 10.5.1, and 10.5.2.	Go to Safari menu and select 'Report Bugs to Apple'
Download Netscape 9 for Mac OS X,	Netscape 7.0.2 Mac PowerPC and other versions listed as Mac PowerPC are available for Mac OS 9	AOL Developer page
Microsoft Internet Explorer is no longer available for download from Microsoft. A WINE version for Intel Macs offers some I.E. 7 compatibility.	The Mac OS X version 5.2.3 is available from Majorgeeks. There are several stores which carry old Apple operating system disks which also included Internet Explorer for Mac OS X. If installing older operating system disks, be sure to observe the System Specific installation notes. The Mac OS X version of Internet Explorer was last preloaded on Mac OS X 10.3's Install Disk 2 as version 5.2.3. The included Internet Explorer for Mac OS 9 on restore disks and Mac OS 9 installer disks is version 5.0. Remember if installing Mac OS X, only an Archive and Install and Upgrade and Install will let you preserve applications from previous versions of Mac OS X on the hard disk. Otherwise, you'll need to either use the Install Additional Applications from the restore disks, or Charlessoft's Pacifist to extract the files from the installer packages to reretrieve Internet Explorer (if it wasn't backed up elsewhere). Macintosh Repository has the only known copies of version 5.1.7 for Mac OS 9.	Microsoft product feedback page
Omnigroup's Omniweb for 10.4.8 to 10.9.5	E-mail Omniweb support
Opera	Opera for Mac OS 7 through 9	Opera's Contact page
iCab - one of the few browsers that still has downloads going back to System 7.5 (you read that right, from 1995)	Download page lists both Mac OS 9 and Mac OS X versions	E-mail iCab support
Mozilla can immitate other browsers with User-agent switcher	Classila and Wamcom Mozilla for Mac OS 9	Mozilla Bugzilla feedback page
Google Chrome	Google Chrome Discussions
Camino (formerly known as Navigator)	Camino Bugzilla feedback page
Firefox (formerly known as Firebird) can immitate other browsers with User-agent switcher. Its version 45.9 works well with Yahoo on 10.6.8	PowerPC version	Firefox Bugzilla feedback page
Waterfox - Mac OS X 10.7.5 compatible Firefox, This tip was written on Apple Support Communities: 'It's October 2017 now, and I run the current version of Waterfox (55.2.2) on OS X 10.7.5. It's derived from Firefox, but is is less tardy than Firefox. I like that the Reader mode has speech output tied to OS X's voices and that it automatically chooses the correct language as well - if only it wouldn't crash sometimes for some reason... Important for Youtube: If Youtube videos don't play in Waterfox (giving you a playback error message) you will have to deactivate the Multiple Process feature in Waterfox's preference settings.'	Contact info
Bumpercar - kids web browser	Bumpercar contact addresses
Tenfourfox	Support
Brave	Help Center
WannaBe	Contact info

You can run PC web browsers on the Mac if you use one of these Intel operating systems on the Mac solutions. Note however, any website which requires you use Internet Explorer for Windows is unlikely to be a very secure website, given the number of times such websites have been hacked.

Java Updates

Note: Java versioning may confuse some people when someone refers to Java 7, they really mean Java 1.7.x. Versions on Apple download site usually refer to the 1.x versioning.

Java version 7 has had a security flaw which is documented on my tip user tip on Apple's Support Communities. Apple explains the latest Java available for Mac OS X 10.4, and 10.5, at Article TS3489.
The latest Java exists for Mac OS X 10.6.8 and 10.7.3 and addresses some of the Flashback trojan issue. For the 10.6.8 download go to DL1516.
Java for 10.7.3 and later is supported by http://www.java.com/
The latest Java for 10.5.8 is http://support.apple.com/kb/DL1359
And for 10.7 go to Oracle's Java page. Apple has a guide to the latest Java updates on their Technote Database. Not all Javas are Mac compatible without Emulation or Virtualization as ActiveX was only developed for Windows, and is not a true Java. Any site that uses ActiveX should be criticized for not using an open standard of Java. Java support may be improved 10.2.3 combo or 10.2.4 through 10.2.6 combo updates, Java update for Mac OS X 10.3 to Java 1.4.1, Java update for 10.3.4 to 1.4.2, Java Update for 10.3.9, Java 2 Platform Standard Edition (J2SE) 5.0 release 1 for Tiger, Software Update search for latest Java updates
The Carbon Java Plugin, and Java Embedding Plugin are both different plugins which can be used to make certain Java sites more accessible in some Mac OS X web browsers. I would be careful not to run both at the same time.

Adobe has dropped all Flash support as of December 31, 2020. If you still have Flash on your computer, visit Adobe's website to download the uninstaller. If you find websites that still require it, please remind them that HTML5 has now supplanted Flash.

A similar problem to that which exists for web browsers, is that most e-mail programs don't have complete support for web browser standards. As a result, getting HTML e-mail can be problematic at best. There is an excellent site that discusses the issues of HTML e-mail at Birdhouse.org. Among them there are security, accessibility, and design elements which simply don't render the same way on all e-mails. If you receive HTML e-mails and have no option to receive text, I recommend contacting the company that sends such e-mails and ask for a link to the webpage which has those documents. Attachments are also problematic as my Mac OS X page reference discusses. It is better for any document being transmitted via e-mail that can't be represented by ASCII text to be saved to a website and referred to by a link in an e-mail, than attempts to render information in e-mail which can't be universally read.