This article originally appeared in TidBITS on 2016-03-24 at 12:05 a.m.
The permanent URL for this article is:

Security Update 2016-002 (Mavericks and Yosemite)

by Agen G. N. Schmitz

Apple has issued Security Update 2016-002 [1] for OS X 10.9 Mavericks and 10.10 Yosemite with a few security fixes that cross over from the concurrently released 10.11.4 El Capitan (see “OS X 10.11.4 Improves Notes, iBooks, and Live Photo Support [2],” 21 March 2016). The update patches an Apache-related vulnerability in which processing a maliciously crafted .png file could lead to arbitrary code execution, multiple memory corruption issues related to XML, and an issue with OpenSSH that could lead to an information leak and a buffer overflow. (Free. For 10.9.5 Mavericks [3], 370.8 MB; for 10.10.5 Yosemite [4], 462.1 MB)