Mountain Lion Software Update

Software Update in Mountain Lion. Can anyone who has upgraded to Mountain Lion confirm that software updating is now done through the App Store and no longer through the Software Update utility? If this is the case, does this mean different family. OS X Mountain Lion is available now as a download from the Mac App Store. Just click the Mac App Store icon in your dock, purchase Mountain Lion, and follow the onscreen instructions to install it. Mountain Lion will not only make your Mac work better, it also makes your Mac work even better with your iPhone, iPad, and iPod touch. Because it comes with iCloud, your mail. Mountain Lion update After a long beta period, Apple has released OS X Mountain Lion version 10.8.5, a system update for Mac users that delivers improvements to existing features and apps, as well.

The software patching configuration built into most operating systems is designed so that you can open a box at home, join your network and start using the computer right away. As environments grow from homes to offices and then offices grow into enterprises, at some point software updates and patches need to be managed centrally.

Mountain Lion, as with its OS X Server predecessors, has a Software Update service. The service is known as Software Update in the Server app and as swupdate from the command line. The Software Update service, by default, stores each update in the /var/db/swupd directory. The Software Update service is actually comprised of three components. The first is an Apache server, invoked by the /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.swupdate.host.plist LaunchDaemon. This LaunchDaemon invokes an httpd process, and clients access updates from the server based on a manifest of available updates in the sucatalog. These are synchronized with Apple Software Updates via /Applications/Server.app/Contents/ServerRoot/usr/sbin/swupd_syncd, which is started by the swupdate LaunchDaemon at /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.swupdate.sync.plist. The Apache version is now Apache/2.2.22.

Clients can then be pointed at the server via a Profile or by using the defaults command to edit the /Library/Preferences/com.apple.SoftwareUpdate.plist file. The contents of this file can be read using the following command:

OS X Mountain Lion (version 10.8) is the ninth major release of macOS, Apple Inc.'s desktop and server operating system for Macintosh computers. OS X Mountain Lion was released on July 25, 2012 for purchase and download through Apple's Mac App Store, as part of a switch to releasing OS X versions online and every year, rather than every two years or so. Mountain Lion is better than Lion, and some of the Macs that support 10.7 Lion don't support 10.8 Mountain Lion. For those at the least, it's a great upgrade, though I agree that for users on 10.6 it's probably better to stay on Snow Leopard.

    defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist

To point a client to a server via the command line, use a command such as the following:

    sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://updates.krypted.com:8088/index.sucatalog

But first, you'll need to configure and start the Software Update service. Lucky you, it's quick (although quick in a hurry up and wait kind of way). To get started, open the Server app and then click on the Software Update service.

By default, updates are set to simply mirror the Apple servers, enabling each update that Apple publishes, effectively proxying updates. You can use the Manual button if you would like to configure updates to be either manually approved and manually synchronized, or just manually approved but automatically copied from Apple. Otherwise, click on the ON button and wait for the updates to cache.

If you would like to manually configure updates, click on the Manual option and then click on the Updates tab. The first item in the Updates tab is the 'Automatically download new updates' checkbox. This option downloads all of the updates but does not enable them. The Updates tab also displays all available updates. Click on one and then click on the cog-wheel icon towards the bottom of the screen to configure its behavior (Download, Enable, Disable, Remove and View Update).

Note: The only option for updates in an Automatic configuration environment is disable.

The service can be managed using serveradmin. To start Software Update, use the start option, followed by the swupdate service identifier:

    sudo serveradmin start swupdate

To stop the service, replace start with stop:

    sudo serveradmin stop swupdate

To see the status of the service, including the location of updates, the paths to log files, when the service was started and the number of updates running, use the fullstatus option:

    sudo serveradmin fullstatus swupdate

The output of which appears as follows:

    swupdate:state = 'RUNNING'
    swupdate:lastChecktime = 2012-08-04 17:04:45 +0000
    swupdate:syncStatus = 'DONE'
    swupdate:syncServiceState = 'RUNNING'
    swupdate:setStateVersion = 1
    swupdate:lastProductsUpdate = 2012-08-04 17:07:10 +0000
    swupdate:logPaths:swupdateAccessLog = '/var/log/swupd/swupd_access_log'
    swupdate:logPaths:swupdateErrorLog = '/var/log/swupd/swupd_error_log'
    swupdate:logPaths:swupdateServiceLog = '/var/log/swupd/swupd_syncd_log'
    swupdate:readWriteSettingsVersion = 1
    swupdate:checkError = no
    swupdate:pluginVers = '10.8.91 (91)'
    swupdate:updatesDocRoot = '/var/db/swupd/'
    swupdate:hostServiceState = 'RUNNING'
    swupdate:autoMirror = no
    swupdate:numOfEnabledPkg = 0
    swupdate:servicePortsAreRestricted = 'NO'
    swupdate:numOfMirroredPkg = 0
    swupdate:autoMirrorOnlyNew = no
    swupdate:startTime = 2012-08-04 17:04:45 +0000
    swupdate:autoEnable = no

There are also a number of options available using the serveradmin settings that aren't exposed to the Server app. These include a feature I used to use a lot in the beginning of deployments with poor bandwidth, only mirroring new updates, which is available to swupdate via the autoMirrorOnlyNew option. To configure:

    sudo serveradmin settings swupdate:autoMirrorOnlyNew = yes

Also, the service can throttle bandwidth for clients. To use this option, run the following command:

    sudo serveradmin settings swupdate:limitBandwidth = yes

And configure bandwidth using the syncBandwidth option, as follows:

    sudo serveradmin settings swupdate:syncBandwidth = 10

To automatically sync updates but not enable them (as the checkboxes allow for in the Server app), use the following command:

    sudo serveradmin settings swupdate:autoEnable = no

The port (by default 8088) can be managed using the portToUse option, here being used to set it to 80 (clients need this in their catalog URL from here on out):

    sudo serveradmin settings swupdate:portToUse = 80

Finally, administrators can purge old packages that are no longer needed using the PurgeUnused option:

    sudo serveradmin settings swupdate:PurgeUnused = yes

One of the biggest drawbacks of the Software Update service in OS X Mountain Lion Server, in my opinion, is the fact that it does not allow for serving 3rd party packages from vendors such as Microsoft or Adobe. By providing those vendors with a manifest file and a quick little path option to add those manifest files, a nice middle ground could be found between the Mac App Store and the built-in software update options in OS X. But then, we wouldn't want to make it too easy.

Another issue many have had is that users need administrative passwords to run updates and don't have them (technically this isn't a problem with the OS X Server part of the stack, but it's related). While many options have come up for this, one is to just run the softwareupdate command for clients via ARD or a similar tool.

Many environments have used these issues to look at tools such as reposado or third party patch management tools such as JAMF Software's the Casper Suite (JAMF also makes a reposado-based VM that mimics the swupdate options), FileWave, Absolute Manage and others. Overall, the update service in Mountain Lion is easily configured, easily managed and easily deployed to clients. It is what it needs to be for a large percentage of OS X Mountain Lion (10.8) Server administrators. This makes it a very viable option and, if you've already got a Mountain Lion computer sitting around with clients not yet using a centralized update server, well worth enabling.
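
The `serveradmin fullstatus swupdate` output shown above lends itself to a scripted health check. The following is an added example, not code from the original post: the function names are hypothetical, the sample input is a subset of the status lines quoted above, and the reading of numOfEnabledPkg as the number of updates offered to clients is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): health check over the
# "key = value" lines printed by `serveradmin fullstatus swupdate`.

# Constructed sample: a subset of the status lines shown in the post.
sample_status() {
cat <<'EOF'
swupdate:state = 'RUNNING'
swupdate:syncStatus = 'DONE'
swupdate:syncServiceState = 'RUNNING'
swupdate:checkError = no
swupdate:hostServiceState = 'RUNNING'
swupdate:numOfEnabledPkg = 0
swupdate:numOfMirroredPkg = 0
swupdate:autoEnable = no
EOF
}

# swupd_get KEY: read status text on stdin and print the value of
# swupdate:KEY with the surrounding single quotes removed.
swupd_get() {
  sed -n "s/^swupdate:$1 = //p" | head -n 1 | tr -d "'"
}

# swupd_findings: read status text on stdin and print one line per
# problem found. Prints nothing when every check passes.
swupd_findings() {
  status=$(cat)
  val() { printf '%s\n' "$status" | swupd_get "$1"; }

  [ "$(val state)" = "RUNNING" ] || echo "service not running"
  [ "$(val hostServiceState)" = "RUNNING" ] || echo "httpd host not running"
  [ "$(val syncServiceState)" = "RUNNING" ] || echo "swupd_syncd not running"
  [ "$(val syncStatus)" = "DONE" ] || echo "sync not finished: $(val syncStatus)"
  [ "$(val checkError)" = "no" ] || echo "checkError reported"

  # Assumption: numOfEnabledPkg counts the updates offered to clients,
  # so zero means managed clients are silently left unpatched.
  if [ "$(val numOfEnabledPkg)" = "0" ]; then
    echo "no packages enabled (autoEnable = $(val autoEnable)): clients are offered no updates"
  fi
}

# On a server: sudo serveradmin fullstatus swupdate | swupd_findings
sample_status | swupd_findings
```

Run against the sample, the check reports the one condition worth an administrator's attention on a freshly started server: nothing has been enabled yet, so clients already pointed at it see no updates.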

Note: Managing multiple Software Update Servers has changed in OS X Mountain Lion Server, see my previous post for more information on these changes.

These can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see 'How to use the Apple Product Security PGP Key.'

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see 'Apple Security Updates'.

OS X Mountain Lion v10.8.5 and Security Update 2013-004

  • Apache

    Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

    Impact: Multiple vulnerabilities in Apache

    Description: Multiple vulnerabilities existed in Apache, the most serious of which may lead to cross-site scripting. These issues were addressed by updating Apache to version 2.2.24.

    CVE-ID

    CVE-2012-0883

    CVE-2012-2687

    CVE-2012-3499

    CVE-2012-4558

  • Bind

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

    Impact: Multiple vulnerabilities in BIND

    Description: Multiple vulnerabilities existed in BIND, the most serious of which may lead to a denial of service. These issues were addressed by updating BIND to version 9.8.5-P1. CVE-2012-5688 did not affect Mac OS X v10.7 systems.

    CVE-ID

    CVE-2012-3817

    CVE-2012-4244

    CVE-2012-5166

    CVE-2012-5688

    CVE-2013-2266

  • Certificate Trust Policy

    Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

    Impact: Root certificates have been updated

    Description: Several certificates were added to or removed from the list of system roots. The complete list of recognized system roots may be viewed via the Keychain Access application.

  • ClamAV

    Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5

    Impact: Multiple vulnerabilities in ClamAV

    Description: Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.97.8.

    CVE-ID

    CVE-2013-2020

    CVE-2013-2021

  • CoreGraphics

    Available for: OS X Mountain Lion v10.8 to v10.8.4

    Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking.

    CVE-ID

    CVE-2013-1025 : Felix Groebert of the Google Security Team

  • ImageIO

    Available for: OS X Mountain Lion v10.8 to v10.8.4

    Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking.

    CVE-ID

    CVE-2013-1026 : Felix Groebert of the Google Security Team

  • Installer

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

    Impact: Packages could be opened after certificate revocation

    Description: When Installer encountered a revoked certificate, it would present a dialog with an option to continue. The issue was addressed by removing the dialog and refusing any revoked package.

    CVE-ID

    CVE-2013-1027

  • IPSec

    Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

    Impact: An attacker may intercept data protected with IPSec Hybrid Auth

    Description: The DNS name of an IPSec Hybrid Auth server was not being matched against the certificate, allowing an attacker with a certificate for any server to impersonate any other. This issue was addressed by properly checking the certificate.

    CVE-ID

    CVE-2013-1028 : Alexander Traud of www.traud.de

  • Kernel

    Available for: OS X Mountain Lion v10.8 to v10.8.4

    Impact: A local network user may cause a denial of service

    Description: An incorrect check in the IGMP packet parsing code in the kernel allowed a user who could send IGMP packets to the system to cause a kernel panic. The issue was addressed by removing the check.

    CVE-ID

    CVE-2013-1029 : Christopher Bohn of PROTECTSTAR INC.

  • Mobile Device Management

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

    Impact: Passwords may be disclosed to other local users

    Description: A password was passed on the command-line to mdmclient, which made it visible to other users on the same system. The issue was addressed by communicating the password through a pipe.

    CVE-ID

    CVE-2013-1030 : Per Olofsson at the University of Gothenburg

  • OpenSSL

    Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

    Impact: Multiple vulnerabilities in OpenSSL

    Description: Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to disclosure of user data. These issues were addressed by updating OpenSSL to version 0.9.8y.

    CVE-ID

    CVE-2012-2686

    CVE-2013-0166

    CVE-2013-0169

  • PHP

    Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

    Impact: Multiple vulnerabilities in PHP

    Description: Multiple vulnerabilities existed in PHP, the most serious of which may lead to arbitrary code execution. These issues were addressed by updating PHP to version 5.3.26.

    CVE-ID

    CVE-2013-1635

    CVE-2013-1643

    CVE-2013-1824

    CVE-2013-2110

  • PostgreSQL

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

    Impact: Multiple vulnerabilities in PostgreSQL

    Description: Multiple vulnerabilities exist in PostgreSQL, the most serious of which may lead to data corruption or privilege escalation. CVE-2013-1901 does not affect OS X Lion systems. This update addresses the issues by updating PostgreSQL to version 9.1.9 on OS X Mountain Lion systems, and 9.0.4 on OS X Lion systems.

    CVE-ID

    CVE-2013-1899

    CVE-2013-1900

    CVE-2013-1901

  • Power Management

    Available for: OS X Mountain Lion v10.8 to v10.8.4

    Impact: The screen saver may not start after the specified time period

    Description: A power assertion lock issue existed. This issue was addressed through improved lock handling.

    CVE-ID

    CVE-2013-1031

  • QuickTime

    Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in the handling of 'idsc' atoms in QuickTime movie files. This issue was addressed through additional bounds checking.

    CVE-ID

    CVE-2013-1032 : Jason Kratzer working with iDefense VCP

  • Screen Lock

    Available for: OS X Mountain Lion v10.8 to v10.8.4

    Impact: A user with screen sharing access may be able to bypass the screen lock when another user is logged in

    Description: A session management issue existed in the screen lock's handling of screen sharing sessions. This issue was addressed through improved session tracking.

    CVE-ID

    CVE-2013-1033 : Jeff Grisso of Atos IT Solutions, Sébastien Stormacq

  • sudo

    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8 to v10.8.4

    Impact: An attacker with control of an admin user's account may be able to gain root privileges without knowing the user's password

    Description: By setting the system clock, an attacker may be able to use sudo to gain root privileges on systems where sudo has been used before. On OS X, only admin users can change the system clock. This issue was addressed by checking for an invalid timestamp.

    CVE-ID

    CVE-2013-1775

  • Note: OS X Mountain Lion v10.8.5 also addresses an issue in which certain Unicode strings could cause applications to unexpectedly quit.




