Apple has released minor updates to both OS X 10.10 Yosemite and iOS 8, calling out just a few general changes in the main release notes, but noting nearly 70 security fixes for OS X and over 40 for iOS. It seems likely that Apple’s release was timed to follow the Black Hat and DEF CON security conferences, where privately reported security vulnerabilities might be made public. Given the number of security fixes, I’d encourage you to install these updates soon, since they’re more important than the release notes might imply.
OS X -- For Mac users, OS X 10.10.5, which is available via Software Update or standalone delta (from 10.10.4, 1.02 GB) and combo (from any version of 10.10, 2.12 GB) updaters, has only three items in its release notes:
Improves compatibility with certain email servers when using Mail
Fixes an issue in Photos that prevented importing videos from GoPro cameras
Fixes an issue in QuickTime Player that prevented playback of Windows Media files
On the security side, however, Apple lists 69 entries that span the gamut from OS X’s Unix apps and utilities to the kernel itself. For the most part, the specifics aren’t interesting, but a few are worth calling out. The DYLD_PRINT_TO_FILE vulnerability discovered by Stefan Esser and the CEO of information security firm GrayHash, who goes by @beist on Twitter, has been blocked. That’s important because it made it possible for apps to gain root permissions without requiring a password; even more concerning was that it had started to appear in the wild. In addition, previous versions of the Unix sudo utility included in OS X could allow an attacker access to arbitrary files — that’s a bad thing.
If you have trouble installing via the App Store app, try the combo updater — I’ve seen some reports of installations failing to complete and retrying repeatedly.
iOS 8.4.1 -- For those using an iPhone or iPad, iOS 8.4.1 focuses its attention on six fixes related to Apple Music:
Resolves issues that could prevent turning on iCloud Music Library
Resolves an issue that hides added music because Apple Music was set to show offline music only
Provides a way to add songs to a new playlist if there aren’t any playlists to choose from
Resolves an issue that may show different artwork for an album on other devices
Resolves several issues for artists while posting to Connect
Fixes an issue where tapping Love doesn’t work as expected while listening to Beats 1
But don’t get the impression you can pass on installing iOS 8.4.1 if you don’t use Apple Music. As with OS X 10.10.5, there are oodles of security fixes — 43 all told. None are particularly notable.
As always, you can install iOS 8.4.1 from Settings > General > Software Update on your device, or by connecting it to iTunes.