Eighteen of the 26 reported WebKit vulnerabilities were credited to researchers either employed at Google or outsiders with long histories of receiving bug bounties from Google.
Only one of bugs was uncovered by Apple.
That could be a problem in the future, as Google is in the middle of switching from WebKit to its own Blink engine for Chrome and Chrome OS: Traditionally, Google engineers and the company's flock of bug finders have uncovered the bulk of WebKit vulnerabilities.
Apple also patched Macs running Lion and Snow Leopard with Security Update 2013-002, a companion to 10.8.4. The Snow Leopard update arrived a record 11 months after the introduction of Mountain Lion, signaling that Apple has changed its support policy and will keep patching "n-2" long after "n," the current edition of OS X, has shipped.
Traditionally, Apple has dropped support of n-2 at the launch of n, but the back-to-back releases of Lion and Mountain Lion in 2011 and 2012, and Snow Leopard's still-sizable share, has altered Apple's policy. In May, Snow Leopard powered one in four Macs, the same as Lion.
Apple will introduce OS X 10.9, Mountain Lion's successor, next Monday at its Worldwide Developers Conference, where it will probably assign it a feline moniker and name a launch date and price. While Apple will continue to patch Mountain Lion — perhaps for several years — once OS X 10.9 reaches customers, the Cupertino, Calif. company will stop serving up non-security bug fixes like the ones offered Tuesday for Mountain Lion.
OS X 10.8.4 and Security Update 2013-002 can be retrieved by selecting "Software Update..." from the Apple menu, or by opening the Mac App Store application and clicking the Update icon at the top right. The updates can also be downloaded manually from Apple's support site.
Sign up for CIO Asia eNewsletters.