This article originally appeared in TidBITS on 2015-10-22 at 2:22 p.m.
The permanent URL for this article is:
Include images: Off

Security Update 2015-007 (Mavericks) and 2015-004 (Yosemite)

by Agen G. N. Schmitz

Apple has issued Security Update 2015-007 [1] for OS X 10.9.5 Mavericks and Security Update 2015-004 for 10.10.5 Yosemite, bringing along many of the security fixes that appeared in the concurrently released OS X 10.11.1 El Capitan (see “Apple Releases OS X 10.11.1 to Fix Microsoft Office 2016 Crashes [2],” 21 October 2015). Regardless of the somewhat confusing naming (Apple doesn’t normally re-use security update numbers within the same year, but 004 was used back in April), these security updates patch a wide swath of memory corruption issues, including vulnerabilities with the Accelerate Framework in multi-threading mode, handling of audio files, CoreGraphics, handling of font files, and parsing of disk images — all of which could lead to arbitrary code execution. The security updates are available via Software Update or via direct download from Apple’s Support Downloads Web site. (Free. For 10.9.5 Mavericks [3], 266.2 MB; for 10.10.5 Yosemite [4], 334.7 MB)