Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Security Update 2017-001 (Yosemite and El Capitan)

Apple has released Security Update 2017-001 for OS X 10.10 Yosemite and 10.11 El Capitan, bringing a few select patches from the macOS 10.12.4 Sierra release to the two older operating systems (see “Apple Releases macOS 10.12.4, watchOS 3.2, and tvOS 10.2,” 27 March 2017). The security update addresses a memory corruption issue in both systems that could allow a maliciously crafted JPEG file to arbitrarily execute code, as well as a timing side channel issue that affected El Capitan that could leak sensitive user information. (Free. For 10.10.5 Yosemite, 495.2 MB; for 10.11.6 El Capitan, 700.6 MB; security content release notes)


READERS LIKE YOU! Support TidBITS by becoming a member today!
Check out the perks at <>
Special thanks to Randolph Peterson, Peter Wesly, Stuart Katz, and
Bradford Behr for their generous support!

Comments about Security Update 2017-001 (Yosemite and El Capitan)
(Comments are closed.)

rhett bohling  2017-03-28 05:44
Patches are always welcome, but can someone explain the JPEG?
Adam Engst  An apple icon for a TidBITS Staffer 2017-03-28 09:38
The "maliciously crafted" bit basically means that the bad guys can create a JPEG file that's "corrupt" in some way that causes Apple's graphics rendering libraries to fail such that code embedded in the corrupt JPEG file is executed.
rhett bohling  2017-04-12 07:41
Thanks for the reply Adam. I just realized you guys have a podcast. I have been a subscriber for a little over a couple years. I enjoy the updates.