Reprinted from TidBITS by permission; reuse governed by Creative Commons license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary on Apple and Internet topics. For free email subscriptions and access to the entire TidBITS archive, visit http://www.tidbits.com/ OS X 10.8.5 Fixes Nasty Text Rendering Bug Josh Centers While Apple continues to move toward the upcoming debut of OS X 10.9 Mavericks, the company has quietly pushed out [1]OS X Mountain Lion Update 10.8.5 with a handful of stability and performance fixes. The free update is available via the Mac App Store, with [2]delta (273.72 MB ' from 10.8.4) and [3]combo (831.13 MB ' from any previous version of 10.8) updaters ready for download from Apple's Web site. Though we haven't heard of any significant problems with the update, it's always a good idea to wait a few days to see if any arise. [4][tn_Mountain-Lion.jpg] Bugs fixed include one that prevented Apple Mail from displaying messages, another that stopped the screen saver from starting automatically, and a third that thwarted a smart card from unlocking preference panes in System Preferences. The update also enhances performance in three areas: AFP file transfers over 802.11ac Wi-Fi, large file transfers over Ethernet, and Open Directory authentication. Also, the update improves Xsan reliability and bundles in the bug fixes in MacBook Air (Mid 2013) Software Update 1.0 (for details, see '[5]MacBook Air (Mid 2013) Software Update 1.0,' 22 July 2013). But perhaps the most important change is one that Apple didn't mention: a patch for a nasty text rendering bug that could cause Messages and Safari to crash, and cause Wi-Fi errors if a network was named with the characters in question. (see '[6]Text Display Bug Can Render Apps Unusable,' 30 August 2013). After installing 10.8.5, we tested sample URLs that had previously caused crashes, and can confirm that Apple has squashed this bug, which had already been fixed in iOS 7 and Mavericks. It presumably still exists in the current iOS 6.1.3; we anticipate a 6.1.4 update to iOS to fix it as well. The update also includes the security improvements from [7]Security Update 2013-004, most notably a fix for an issue where an attacker could gain superuser access by resetting the system clock. (for details, see '[8]Hackers Can Root Macs by Going Back in Time,' 30 August 2013) OS X Mountain Lion Update 10.8.5 also plugs security holes in CoreGraphics, ImageIO, and QuickTime that could permit malicious movie files or PDFs to cause application crashes or arbitrary code execution. Additionally, the update fixes other user-level vulnerabilities, including Installer packages that could be opened after certificate revocation, a bug that could allow users with screen sharing access to bypass the screen lock, and a vulnerability in Mobile Device Management that could disclose passwords to local users. Finally, OS X Mountain Lion Update 10.8.5 fixes a number of security vulnerabilities on the UNIX end, including the Apache Web server, the BIND DNS server, the ClamAV virus scanner, the IPSec security package, the PHP scripting language, and the PostgreSQL database. A bug in the kernel was fixed that could allow a local denial of service attack. References 1. http://support.apple.com/kb/HT5815 2. http://support.apple.com/kb/DL1675 3. http://support.apple.com/kb/DL1676 4. http://tidbits.com/resources/2013-09/Mountain-Lion.png 5. http://tidbits.com/article/13945 6. http://tidbits.com/article/14067 7. http://support.apple.com/kb/HT5880 8. http://tidbits.com/article/14068 .