This article originally appeared in TidBITS on 2015-06-30 at 11:46 p.m.
The permanent URL for this article is:
Include images: Off

Security Update 2015-005 (Mountain Lion and Mavericks)

by Agen G. N. Schmitz

Apple has issued Security Update 2015-005 [1] for OS X 10.8 Mountain Lion and 10.9 Mavericks, mirroring many of the security fixes that are included with the concurrently released 10.10.4 Yosemite (see “Apple Improves Networking in OS X 10.10.4 [2],” 30 June 2015). The lengthy list of patched vulnerabilities includes multiple memory corruption issues in QuickTime, an integer overflow in the Security framework code for parsing S/MIME email messages, the handling of filenames of photos added to the local photo library, a memory corruption issue in the Bluetooth HCI interface, and intermediate certificates incorrectly issued by certificate authority CNNIC (China Internet Network Information Center, which manages the .cn domain; see Glenn Fleishman’s Macworld article [3] on the security updates for more about the CNNIC vulnerability). Security Update 2015-005 is available via Software Update or via direct download from Apple’s Support Downloads Web site. (Free. For 10.8.5 Mountain Lion [4], 207 MB; for 10.9.5 Mavericks [5], 160 MB)