Yesterday (May 9th) Apple released two major updates for Mac OS X. The first being a software update from 10.7.3 to 10.7.4 which includes Safari 5.1.6. After installing this software update you will then be prompted to install Safari 5.1.7.
Mac OS X 10.7.4 fixes the Mac OS 10.7.3 Lion login password debug file vulnerability. This exposed a user’s password if they upgraded to Lion, only if they had enabled the legacy version of FileVault 1. As I stated earlier this week, this security flaw only affects FileVault 1 that had encrypted a user’s home directory. Worth noting again, you would only be exposed, if you upgraded from FileVault 1 to Lion.
Safari 5.1.7 though, has seen a major modification regarding how it handles Flash in the browser. We all know that plug-ins are a security nightmare, so it’s no surprise that Apple has introduced a feature which checks what version of Flash is running and whether it updates itself to the current version. Note: If you are using Flash 10.1.102.64 or older, then this version is disabled and you are directed to download and install the current Flash version. A smart feature. Mozilla Firefox added something similar way back in 2009 for Mac users.
I’m also hopeful this latest software update includes a fix for connecting Macs to SMB servers. It appears to include improved reliability of binding and logging into Active Directory accounts. Many of my readers who use Lion with SMB will know what I am talking about here. I did fix the issue back in March – a Java update seemed to allow my Mac to connect to our SMB. However, when I dropped off my office network and then reconnected the following day I was unable to chat with the SMB server. I will report back with my findings in due course. UPDATE 28th May: I’ve been unable to fix the Lion SMB/AD binding issue. Others are still experiencing similar difficulties.
Safe surfing folks!