Sophos AV Ends Support for Mac OS X 10.6 and 10.7

Sophos Anti-Virus is ending support for Mac OS X 10.6 (Snow Leopard) and 10.7 (Lion) on October 31, 2015. Computers running those operating systems will stop receiving Sophos updates after that date. Information regarding this change can be found at:

https://www.sophos.com/en-us/support/knowledgebase/122477.aspx

Apple stopped releasing security updates for both OS X 10.6 (in February 2014) and 10.7 (in September 2014), so continuing to run computers with those operating systems on the network is not recommended. IS&T strongly encourages you to upgrade those machines to the latest Mac OS if possible to ensure that they are protected.

As always, MIT users who need help or have questions, can contact the IS&T Help Desk at 617.253.1101 or helpdesk@mit.edu, or submit a request online.

Apple Updates for iOS and OS X

Apple has released security updates for iOS and OS X. Both include fixes for the FREAK vulnerability in SSL/TLS. Apple’s Security Update 2015-002 addresses five vulnerabilities; Apple’s iOS 8.2 addresses six vulnerabilities and includes Apple Watch capabilities. Be sure to accept the updates as they occur, or on your computer go to the App Store and click on Updates.

Read the full story in the news.

Bug Fixed in Sophos Anti-Virus for Mac OS X

If you were experiencing some issues with your Sophos client on the Mac, it should now be fixed with the release of Sophos Anti-Virus for Mac OS X 9.1.7. The update was issued to users at MIT running version 9.1.6. and they should be experiencing no more problems.

If, for whatever reason, you did not receive the update or are still experiencing the issues described in the article linked above, please contact the Help Desk: http://ist.mit.edu/help.

Apple Update for OS X

Apple-LogoLast week Apple issued an update for OS X Mavericks (Security Update 2014-001) that addresses a critical SSL flaw. The same issue was fixed earlier in iOS. Users are urged to update their systems as soon as possible as exploit code has already been released. The newest version of OS X is now 10.9.2.

The update fixes 32 additional issues, including six in the QuickTime media player and four that could be exploited to circumvent the application sandbox.

The company issued security updates for OS X Lion 10.7.5, OS X Mountain Lion 10.8.5, and OS X Lion Server 10.7.5, although none of them are reportedly vulnerable to the SSL flaw. Apple is no longer supporting Snow Leopard (OS X 10.6).

Apple issued updates for Safari, bringing the browser’s latest versions to 6.1.2 and 7.0.2. According to Apple, the patch addresses “multiple memory corruption issues” in the WebKit software on which Safari is based, and which an attacker could exploit by tricking a user into visiting a malicious website.

A full listing of the recent security updates can be found at support.apple.com.

Apple Issues OS X Update to Address SSL Flaw

Apple-LogoApple has released a critical security updated for OS X Mavericks (10.9) and Mountain Lion (10.8) to address a flaw discovered in SSL/TLS. SSL (Secure Sockets Layer) is part of the TLS (Transport Layer Security) protocol and is used to encrypt sensitive information, often in a browser, as it traverses the Internet.

The flaw, as described by Apple, can provide “an attacker with a privileged network position [with the ability to] capture or modify data in sessions protected by SSL/TLS.”

It is recommended that all OS X users update their machines as soon as possible.

Information on how to update OS X can be found on Apple’s website [http://support.apple.com/kb/HT1338].

First Security Update for Apple OS X 10.9

Apple-LogoLast week Apple released its first major update for OS X Mavericks (10.9). The update brings a number of bug fixes for Mail and the voice-command user interface VoiceOver, as well as a Safari browser update. The Mail app has been improved for Gmail support, search and contact-groups features.

The biggest improvement was for Safari 7.0.1, which can be applied either with Mavericks or separately. The Safari patch repairs unresponsive forms on sites such as FedEx.com, makes the credit-card autofill easier to use and streamlines VoiceOver with Facebook. Apple also released fixes to Safari 6.1.1. which includes unexpected support for older versions of Mac OS X.

This article provides details for the security update and outlines concerns, voiced by Apple customers since last October, who have not yet updated to Mavericks because their systems don’t have the necessary processing speed, and are running either Lion or Mountain Lion (Apple’s two previous versions of Mac OS X).

Apple has not provided a Security Update for older Mac OS X systems since Security Update 2013-005 on October 15, which contained a Java update. Mavericks was released on October 22, 2013. According to some technology experts, Apple has no plans to further support Mountain Lion. If this is correct, all Mac OS X users must upgrade to the next version in order to receive Apple support, including security updates.

There is a reasonable concern for waiting to upgrade to Mavericks. Staying on Lion (10.7) or Mountain Lion (10.8) can become risky, as unpatched vulnerabilities on the older systems leave them open to attack.

Information Services & Technology (IS&T) at MIT is no longer offering Mac OS X Lion (10.7) software through its website, but still offers Help Desk support. As of November 18, 2013, IS&T is recommending MIT users, especially those using TSM and SAPgui, to wait to upgrade to OS X 10.9 until these known issues have been resolved.

Apple Releases New OS

Apple-LogoEarlier this month, Apple released the newest version of their operating system for both the iOS platform (7.0.3) and desktop (OS X 10.9, aka Mavericks). Many security vulnerabilities are fixed in these releases. Both releases are free.

Information Services & Technology recommends users at MIT wait to upgrade to Mavericks on their desktops because of compatibility concerns with crucial applications in the MIT environment. Limited support is being provided to early adopters and users whose computer comes installed with Mavericks.

Support documentation for OS X Mavericks.