Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Apple Releases OS X 10.10.2, iOS 8.1.3, and Apple TV 7.0.3

Apple has updated OS X Yosemite to 10.10.2, iOS to 8.1.3, and the third-generation Apple TV to 7.0.3 to address a number of troublesome issues, as well as a large number of security concerns.

OS X Yosemite -- The OS X Yosemite 10.10.2 Update is now available via Software Update, and it has appeared on Apple’s Support Downloads Web site as both a delta update (554.4 MB; for use with 10.10.1) and a combo update (840.3 MB; to update from any version of 10.10). OS X 10.10.2 promises the following:

  • Resolves an issue that might cause Wi-Fi to disconnect — unfortunately, many people are still experiencing problems.

  • Resolves an issue that might cause Web pages to load slowly

  • Fixes an issue that could cause Spotlight to load remote email content even when this preference is disabled in Mail

  • Improves audio and video sync when using Bluetooth headphones

  • Adds the capability to browse iCloud Drive in Time Machine

  • Improves VoiceOver speech performance

  • Resolves an issue that could cause VoiceOver to echo characters when entering text on a Web page

  • Addresses an issue that could cause the input method to switch languages unexpectedly

  • Improves stability and security in Safari

In addition, 10.10.2 offers a number of security updates, most notably hardening a variety of 2013 Macs against the Thunderstrike attack that could use Thunderbolt to hijack a Mac (see “Thunderstrike Proof-of-Concept Attack Serious, but Limited,” 9 January 2015). Unfortunately, pre-Yosemite Macs remain vulnerable. 10.10.2 also fixes vulnerabilities in App Store logging, Bluetooth, command-line utilities, font handling, graphics drivers, PDF handling, Spotlight, and more. Safari has also been updated to 8.0.3, which fixes multiple memory corruption issues in WebKit that could allow a malicious Web site to execute code.

If you try to install the update, but are presented with an error saying, “This volume does not meet the requirements for this update,” try downloading the combo update again, since Apple replaced it late in the day of the initial release. If even that doesn’t work, Topher Kessler of MacIssues has a fix that may get it to install correctly.

iOS 8 -- Apple has released iOS 8.1.3 to address a number of bugs, but most notably to reduce the amount of storage required to perform a software update. Ironically, while the over-the-air iOS 8.1.2 update weighed in at 28.2 MB (see “Apple Releases iOS 8.1.2 to Restore Vanishing Ringtones,” 10 December 2014), iOS 8.1.3 is a 247 MB download on an iPhone 6. The download size will vary by device. You can download the update on the device via Settings > General > Software Update or on your computer in iTunes.

Other things that iOS 8.1.3 claims to fix are an issue that prevented some users from entering the Apple ID password for Messages and FaceTime, a bug that caused Spotlight to stop displaying app results, and a glitch that prevented iPads from recognizing multitasking gestures. iOS 8.1.3 also adds new configuration options for standardized education testing.

Security issues fixed by iOS 8.1.3 include PDF vulnerabilities, numerous issues that could cause arbitrary code execution, Web sites being able to bypass the sandbox, and malicious Web sites being able to spoof the UI.

Apple TV -- The third-generation Apple TV has been updated to 7.0.3. It offers no new features, but includes a number of security improvements, mostly identical to those in iOS 8.1.3.

Unrelated to the update, the Apple TV now offers Sports Illustrated’s 120 SPORTS channel, which streams events from MLB, the NBA, the NHL, and others.

 

PDFpen and PDFpenPro 9 add 100+ enhancements to improve your PDF
editing experience, with annotations, Tables of Contents, and more
export options. For PDF reviewing, editing, signing, redacting and
exporting, PDFpen has you covered. <http://smle.us/pdfpen9-tb>
 

Comments about Apple Releases OS X 10.10.2, iOS 8.1.3, and Apple TV 7.0.3
(Comments are closed.)

Arthur Johnson  2015-01-27 16:23
Hoping that one of these updates fixes degraded Touch ID performance, an issue that has plagued me since introduction of iOS 8. One of those unlucky individuals for whom Touch ID initially didn't stick for longer than a few hours, I thought the February 2014 update of iOS 7 banished the problem for good, only to have it buzz back like an undead stinkbug. The iOS dysfunction isn't quite as bad as iOS 7's, allowing my touch ID occasionally to linger overnight. Fingers crossed this update fixes it again.
I thought Apple usually provided security updates for at least one OS X version prior to the currently shipping version.

So why is the Thunderstrike patch only being offered only to Yosemite users (according to the linked security note HT204244) despite the fact that all Retina MBPs are affected, in other words many systems that shipped with Mavericks? As far as I can remember from Trammell's presentation, Thunderstrike didn't require Yosemite.

Is this some sleazy way to force people into upgrading to Yosemite? I sure hope not.
Adam Engst  An apple icon for a TidBITS Staffer 2015-01-28 09:10
It's a good question, and not one I know the answer to yet. If you read the security notes carefully, you see that the patch only helps the 2013 models too.
Good catch! I had completely forgotten there were Retina MBPs already in 2012.
Adam Engst  An apple icon for a TidBITS Staffer 2015-01-28 09:42
Trammell Hudson has posted about this now, noting that pre-Yosemite Macs remain vulnerable. He doesn't say anything about pre-2013 Macs running Yosemite, but I have to assume that there's no change for them.

https://trmm.net/Thunderstrike_FAQ#Is_Thunderstrike_fixed_in_10.10.2.3F
From Trammell's page you linked to:

"All pre-Yosemite machines remain vulnerable to Thunderstrike unless Apple releases firmware updates for them as well."

So Apple, may we please have a security update for at least Mavericks?
Jim Pittman  2015-01-29 10:43
Brand new iPhone6 64 with ios 8.1.2 and today I want to update it to ios 8.1.3 via iTunes on my Yosemete 10.10.2 MacBook Pro and it says ELEVEN HOURS REMAINING!? Can this be for real?
Jim Pittman  2015-01-30 08:36
And after 11 hours the update failed with message to try again later. Well, the phone is working okay with 8.1.2 so I will wait a few days to try again.
Chris Kohuch  2015-01-31 01:36
That seems strange. The update via iTunes while large at around 1.5 GB came down on my connection in under 10 minutes.

Assuming you don't have a slow internet connection, it has been my experience in the past that Apple mirrors the download from various different locations, and sometimes individual sites have issues. Usually all you can do is wait a day or so and try again.

Hopefully everything will work out for you in a day or two. Good luck.
Brian Gibb  An apple icon for a TidBITS Contributor 2015-01-31 09:48
Since upgrading to 10.10.2, I have been experiencing frequent crashes - total failure - the screen goes black, and the computer restarts. Sometimes I get the messages in about 5 languages, sometimes it goes straight to the FileVault login. Triggers included trying to scroll within a long email and trying to use a four finger drag to go to Exposé.
Adam Engst  An apple icon for a TidBITS Staffer 2015-02-02 11:06
That's a kernel panic, and is not a good thing. I'd encourage you to consider reinstalling OS X from scratch to make sure you get a clean install. I doubt it's something inherent to 10.10.2, since we haven't heard widespread reports this, but it could also be a problem with a USB driver or device, or some other software that's left over from the distant past.
Lindsley Williams  An apple icon for a TidBITS Contributor 2015-02-01 15:10
I experienced oddness in two respects after updating both (to 10.10.2 on 2012 Mac Air, 8Mb processor, 512Gb memory chip) and iPhone5 (to iOS 8.1.3 device has 64 Gb):

The iPhone was connected to Air when Air's updating was underway: when Air restarted, iPhono 5 (previously updated) reconnected to Air. But, iPhoto on Air initiaily displayed two images, set right next to each other, of each of the over 1,000 photos I had. Wierd. Restarted Air's iPhoto with same result; next day, duplicates disappeared. Why?

As to iPhone's slightly earlier update, that seemed normal but for a message saying something like "Auto fetch of voice mail [Sprint] greeting failed." Never seen such a message before.
snamdlef  2015-02-02 23:01
After the "upgrade" my iPad and Mac no longer sync calendar and contacts over WiFi. Has that form of syncing been replaced by an iCloud-only process?
I'm having this same issue - iPhone and Mac will not sync calendars now.