This article originally appeared in TidBITS on 2015-12-08 at 2:47 p.m.
The permanent URL for this article is:
Include images: Off

Security Update 2015-008 (Mavericks) and 2015-006 (Yosemite)

by Agen G. N. Schmitz

Apple has issued Security Update 2015-008 [1] for OS X 10.9 Mavericks and Security Update 2015-006 [2] for 10.10 Yosemite with some patches specific to these older releases sprinkled in amongst the security fixes that appear in the concurrently released OS X 10.11.2 El Capitan (see “OS X 10.11.2 Focuses on Improving Reliability and Security [3],” 8 December 2015). Initially, Apple had released Security Update 2015-005 for Yosemite, but it replaced that download with the new Security Update 2015-006 without comment, other than to note that the new update includes all the security patches from the previous one. Make sure to get the latest version, regardless.

In particular, the two security updates address multiple memory corruption issues in ImageIO, OpenGL, CoreGraphics, and CoreMedia Playback, as well as a memory corruption issue related to the handling of iWork files — all of which could lead to arbitrary code execution. Additionally, the updates fix an issue that existed in the validation of access control lists for keychain items, which could grant a malicious application access to a user’s keychain items. The security updates are available via Software Update or via direct download from Apple’s Support Downloads Web site. (Free. For 10.9.5 Mavericks [4], 288.3 MB; for 10.10.5 Yosemite, 369 MB)