Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Security Update 2017-001 (Yosemite and El Capitan)

Apple has released Security Update 2017-001 for OS X 10.10 Yosemite and 10.11 El Capitan, bringing a few select patches from the macOS 10.12.4 Sierra release to the two older operating systems (see “Apple Releases macOS 10.12.4, watchOS 3.2, and tvOS 10.2,” 27 March 2017). The security update addresses a memory corruption issue in both systems that could allow a maliciously crafted JPEG file to arbitrarily execute code, as well as a timing side channel issue that affected El Capitan that could leak sensitive user information. (Free. For 10.10.5 Yosemite, 495.2 MB; for 10.11.6 El Capitan, 700.6 MB; security content release notes)


PDFpen and PDFpenPro 9 add 100+ enhancements to improve your PDF
editing experience, with annotations, Tables of Contents, and more
export options. For PDF reviewing, editing, signing, redacting and
exporting, PDFpen has you covered. <>

Comments about Security Update 2017-001 (Yosemite and El Capitan)

To leave a comment, click Add a Comment and then enter the text, your name, and your email address (which won't be displayed). Your comment will appear after you follow a link in the one-time confirmation message we send to verify that you're a real person.
Receive comments via RSS
rhett bohling  2017-03-28 05:44
Patches are always welcome, but can someone explain the JPEG?
Adam Engst  An apple icon for a TidBITS Staffer 2017-03-28 09:38
The "maliciously crafted" bit basically means that the bad guys can create a JPEG file that's "corrupt" in some way that causes Apple's graphics rendering libraries to fail such that code embedded in the corrupt JPEG file is executed.
rhett bohling  2017-04-12 07:41
Thanks for the reply Adam. I just realized you guys have a podcast. I have been a subscriber for a little over a couple years. I enjoy the updates.