Reprinted from TidBITS by permission; reuse governed by Creative Commons license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary on Apple and Internet topics. For free email subscriptions and access to the entire TidBITS archive, visit http://www.tidbits.com/

Security Update 2013-004 for Lion and Snow Leopard

Josh Centers

Apple has released [1]Security Update 2013-004 for Mac OS X 10.7 Lion and 10.6 Snow Leopard, both of which receive two versions: [2]Lion (113.23 MB) and [3]Lion Server (161.17 MB), plus [4]Snow Leopard (331.5 MB) and [5]Snow Leopard Server (406.49 MB).

Most notably, the update fixes an issue where an attacker could gain superuser access by resetting the system clock (for details, see '[6]Hackers Can Root Macs by Going Back in Time,' 30 August 2013). The updates also plug security holes in CoreGraphics, ImageIO, and QuickTime that could permit malicious movie files or PDFs to cause application crashes or arbitrary code execution.

Additionally, these updates fix other user-level vulnerabilities, including Installer packages that could be opened after certificate revocation, a bug that prevented the screensaver from automatically starting, a vulnerability that could allow users with screen sharing access to bypass the screen lock, and an issue in Mobile Device Management that could disclose passwords to local users.

All these updates also fix a number of security vulnerabilities on the UNIX end, including in the Apache Web server, the BIND DNS server, the ClamAV virus scanner, the IPSec security package, the PHP scripting language, and the PostgreSQL database. They also fix a kernel bug that could allow a local denial-of-service attack. (Free)

References

1. http://support.apple.com/kb/HT5880
2. http://support.apple.com/kb/DL1677
3. http://support.apple.com/kb/DL1679
4. http://support.apple.com/kb/DL1678
5. http://support.apple.com/kb/DL1680
6. http://tidbits.com/article/14068