Apple introduced a security flaw in OS X 10.7.3, but a new software update being pushed out over Software Update fixes this flaw. The new OS X 10.7.4 update is available as a free update to all OS X Lion users.
Apple also shipped a new version of its web browser, Safari, that now checks your version of Flash and disables it if it isn’t the latest version. Apple hopes this will alleviate security holes that come from outdated Flash.
OS X 10.7.4 Update for FileVault Vulnerability
The flaw in OS X exposed a user’s password if they upgraded to Lion 10.7.3 but left the legacy version of FileVault turned on for compatibility reasons. FileVault encrypts your hard drive to keep prying eyes from seeing your sensitive data. Many users use FileVault to hide files they don’t want anyone to see when they access the system.
The current version of FileVault doesn’t suffer from this flaw, so the problem likely only affects a limited number of people who kept the old version active for compatibility with older software. FileVault 2 in Lion fixed this and added other features like full hard drive encryption, support for external drives, and performance enhancements.
The bug left a gaping hole in the systems of the very few people who used the legacy version. Even if that’s not you, I suggest you get the update because you never know what else Apple includes in their security updates. They keep the full details secret so as not to tip off would-be hackers.
You can either update via Software Update from the Apple menu on your system or download it from Apple directly. The full details, quoted from the previous link, are below:
The OS X Lion v10.7.4 Update includes fixes that:
- Resolve an issue in which the “Reopen windows when logging back in” setting is always enabled.
- Improve compatibility with certain British third-party USB keyboards.
- Address permission issues that may be caused if you use the Get Info inspector function “Apply to enclosed items…” on your home directory. For more information, see this article.
- Improve Internet sharing of PPPoE connections.
- Improve using a proxy auto-configuration (PAC) file.
- Address an issue that may prevent files from being saved to an SMB server.
- Improve printing to an SMB print queue.
- Improve performance when connecting to a WebDAV server.
- Enable automatic login for NIS accounts.
- Include RAW image compatibility for additional digital cameras.
- Improve the reliability of binding and logging into Active Directory accounts.
- The OS X Lion v10.7.4 Update includes Safari 5.1.6, which contains stability improvements.
For information about the security content of this update, please visit: https://support.apple.com/kb/HT1222.
Safari 5.1.7 Flash Security Fix
The Safari 5.1.7 update will check to see if you installed the latest version of Adobe Flash. If you’re running version 10.1.102.64 or older, your copy of Flash does not update itself properly; self-updating is a feature added to the latest version of Flash for OS X. Out-of-date Flash often causes security problems on systems, allowing nefarious people to access your system. Thus, Safari will turn Flash off so you don’t get infected with malware.
You might have to install the OS X 10.7.4 update mentioned above before you’ll see the new version of Safari in OS X Software Update. Update using Software Update from the Apple menu, restart your system, and then run Software Update again. The new version should then show up for download. You can also get it directly from Apple. For future updates, bookmark their download page, which always lists the new updates available for all of Apple’s software.