Apple Releases New Security Update for OS X Yosemite 10.10.2 Users

Apple today released Security Update 2015–003 1.0 for users who are running the current publicly available version of Yosemite, OS X 10.10.2. The update includes fixes for iCloud Keychain and an issue that could allow malicious applications to execute code.

- Security Update 2015-003 Yosemite
- Security Update 2015-003 Yosemite (Early 2015 Mac)

Apple recommends that all users download the update, which can be acquired through the Software Update tool in the Mac App Store, or through the links below. According to Apple, the update "improves the security of OS X." There are two different versions available, one for early 2015 Macs and one for earlier Macs.

iCloud Keychain
Available for: OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of
data during iCloud Keychain recovery. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecure

IOSurface
Available for: OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface's handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero

Today's security update comes 10 days after Apple issued Security Update 2015–002 designed to fix the “FREAK” security flaw that left many devices vulnerable to hacking attempts.



Top Rated Comments

55 months ago
Does anyone know if this update is already integrated in the 10.10.3 Public Beta?
Rating: 1 Votes
55 months ago

For the love of god this better not break the mac pro nvidia drivers.


Seems to me there are no Graphics extensions updated.
Rating: 1 Votes
55 months ago

Seems to me there are no Graphics extensions updated.


The nvidia drivers look for a specific compatible OS build number.

Maybe not but this is inside the Security Update:

Edit: System version of this update is 14C1514


Hmm, one of the dylib's has "coretls" in the name, could be related to the OpenSSL security flaws announced recently?

http://www.openssl.org/news/secadv_20150319.txt
Rating: 1 Votes