Apple Releases New Security Update for OS X Yosemite 10.10.2 Users

Apple today released Security Update 2015–003 1.0 for users who are running the current publicly available version of Yosemite, OS X 10.10.2. The update includes fixes for iCloud Keychain and an issue that could allow malicious applications to execute code.

- Security Update 2015-003 Yosemite
- Security Update 2015-003 Yosemite (Early 2015 Mac)

Apple recommends that all users download the update, which can be acquired through the Software Update tool in the Mac App Store, or through the links below. According to Apple, the update "improves the security of OS X." There are two different versions available, one for early 2015 Macs and one for earlier Macs.

iCloud Keychain
Available for: OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of
data during iCloud Keychain recovery. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecure

IOSurface
Available for: OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface's handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero

Today's security update comes 10 days after Apple issued Security Update 2015–002 designed to fix the “FREAK” security flaw that left many devices vulnerable to hacking attempts.