Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Security Update 2015-002 (Mountain Lion, Mavericks, and Yosemite)

Apple has released Security Update 2015-002 for OS X 10.8 Mountain Lion, 10.9 Mavericks, and 10.10 Yosemite. Most noteworthy is the fix for the FREAK vulnerability (short for Factoring RSA Export Keys), which could enable an attacker to intercept SSL/TLS-encrypted traffic and then access or alter communications between the client and server. Security Update 2015-002 also addresses a vulnerability in IOAcceleratorFamily and IOSurface’s handling of serialized objects for all three operating systems. For Yosemite, the Security Update patches leaking kernel addresses and heap permutation values from the mach_port_kobject kernel interface and improves bounds checking for iCloud Keychain to contain multiple buffer overflows. Security Update 2015-002 is available via Software Update or via direct download from Apple’s Support Downloads Web site. Note that there are two updates available for 10.10 Yosemite — one for Early 2015 Macs (i.e., those announced last week; see “New 12-inch MacBook Joins Updated MacBook Air and MacBook Pro,” 9 March 2015) and one for older Macs. (Free. For 10.8 Mountain Lion, 177.3 MB; for 10.9 Mavericks, 62.3 MB; for 10.10.2 Yosemite, 5.4 MB; and for Yosemite on Early 2015 Macs, 5 MB)

 

READERS LIKE YOU! Support TidBITS by becoming a member today!
Check out the perks at <http://tidbits.com/member_benefits.html>
Special thanks to Olivier Spinnler, Michael Maloney, Steve Bowser, and
Ian Wolf for their generous support!
 

Comments about Security Update 2015-002 (Mountain Lion, Mavericks, and Yosemite)
(Comments are closed.)

David Redfearn  An apple icon for a TidBITS Supporter 2015-03-11 13:17
I have installed the Photos beta on my MBA for testing, and it appears that I don't get the security update on that system. I could download the update directly and try to install it, but that sounds like a bad idea. So, I guess I wait for the "official" update to arrive (next month?) for this system.
This latest update was unusual - one iMac got the update without problems, the other wanted me to "set up" my mac after the install - and also installed Pages, Numbers, and Keynote updates that had been released in January, and updated iMovie with exactly the same update for a second time. This is really getting flaky.

David
Adam Engst  An apple icon for a TidBITS Staffer 2015-03-11 13:35
It's likely that Apple would build the security updates into the next beta, if they aren't already there. But yes, this is one of the downsides of beta testing... :-(