Mac users running the latest version of Apple's OS X are now fully protected against an attack that allows hackers to hijack some encrypted browsing sessions. Apple OS X users also received new defenses against malware attacks that exploit Oracle's frequently abused Java browser plugin.

In all, an OS X update released Tuesday fixes more than 30 security bugs in addition to a host of minor usability issues. On the same day, Apple also updated its Safari browser to plug more than two dozen security holes, some of which could allow attackers to remotely execute malicious code.

The most notable fix included an update to the open-source OpenSSL cryptography library to prevent attacks that allowed hackers to hijack browser sessions even when they were protected by HTTPS encryption. Banks, e-commerce merchants, and other sites use this encryption to prevent snooping on sensitive transactions and to prove the authenticity of their webpages. The "CRIME" attacks (short for Compression Ratio Info-leak Made Easy) are able to decrypt encrypted communications when they incorporate one of two data-compression schemes designed to reduce network bandwidth. The OpenSSL fix works by disabling compression when using the Transport Layer Security (TLS) protocol.

"There were known attacks on the confidentiality of TLS 1.0 when compression was enabled," an Apple advisory said. It went on to credit researchers Juliano Rizzo and Thai Duong for discovering the vulnerability.

Like most other browsers, Safari was already thought to be immune to CRIME attacks because it didn't support the vulnerable compression schemes. Tuesday's update ensures Mac users running alternative browsers or other software that relies on TLS are also protected against CRIME attacks.
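The following is an added example, not code from Apple, OpenSSL, or the researchers: it shows why disabling compression closes the leak described above, and how to check that a TLS context refuses compression. The cookie value and request layout are constructed, `zlib` stands in for TLS-level DEFLATE compression, and the encrypted record is assumed to reveal only its length.

```python
import ssl
import zlib

# Constructed sample data: a secret header the network observer cannot read.
SECRET_HEADER = b"Cookie: session=7f3a9c\r\n"


def record_length(reflected: bytes, compress: bool) -> int:
    """Size of one request as seen on the wire.

    Assumption: encryption hides content but not length, so the
    ciphertext length tracks the (optionally compressed) plaintext length.
    """
    plaintext = b"GET /?q=" + reflected + b" HTTP/1.1\r\n" + SECRET_HEADER
    return len(zlib.compress(plaintext)) if compress else len(plaintext)


def length_reveals_match(compress: bool) -> bool:
    """True if a reflected value equal to the secret changes the record size."""
    hit = record_length(b"Cookie: session=7f3a9c", compress)
    # Same length as the real value, but the last six bytes differ.
    miss = record_length(b"Cookie: session=q1w2e3", compress)
    return hit != miss


def compression_disabled(ctx: ssl.SSLContext) -> bool:
    """Check that a TLS context refuses compression (the mitigation above)."""
    return bool(ctx.options & ssl.OP_NO_COMPRESSION)


if __name__ == "__main__":
    print("length leak with compression on: ", length_reveals_match(True))
    print("length leak with compression off:", length_reveals_match(False))
    print("default context disables compression:",
          compression_disabled(ssl.create_default_context()))
```

With compression on, the repeated string is replaced by a back-reference and the record shrinks; with compression off, both records have the same length, which is why the fix removes the signal.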

Additionally, Tuesday's update changed the way Java Web Start applications are handled. "Starting with OS X 10.8.4, Java Web Start applications downloaded from the Internet need to be signed with a Developer ID certificate," the advisory said. "Gatekeeper will check downloaded Java Web Start applications for a signature and block such applications from launching if they are not properly signed."

Gatekeeper made its debut with the July release of Mountain Lion, aka version 10.8 of OS X. The tool is designed to improve security by allowing Mac users to restrict the source of apps that are permitted to be installed. Although Gatekeeper has generally received positive reviews, developers—including those who created the malware that infected Apple, Facebook, and Twitter and a separate malicious program that infected a human rights activist's laptop—have reportedly been able to bypass the protection.