Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals
6 comments

OS X 10.10.5 Yosemite and iOS 8.4.1 Address Numerous Security Holes

Apple has released minor updates to both OS X 10.10 Yosemite and iOS 8, calling out just a few general changes in the main release notes, but noting nearly 70 security fixes for OS X and over 40 for iOS. It seems likely that Apple’s release was timed to follow the Black Hat and DEF CON security conferences, where privately reported security vulnerabilities might be made public. Given the number of security fixes, I’d encourage you to install these updates soon, since they’re more important than the release notes might imply.

OS X — For Mac users, OS X 10.10.5, which is available via Software Update or standalone delta (from 10.10.4, 1.02 GB) and combo (from any version of 10.10, 2.12 GB) updaters, has only three items in its release notes:

  • Improves compatibility with certain email servers when using Mail

  • Fixes an issue in Photos that prevented importing videos from GoPro cameras

  • Fixes an issue in QuickTime Player that prevented playback of Windows Media files

On the security side, however, Apple lists 69 entries that span the gamut from OS X’s Unix apps and utilities to the kernel itself. For the most part, the specifics aren’t interesting, but a few are worth calling out. The DYLD_PRINT_TO_FILE vulnerability discovered by Stefan Esser and the CEO of information security firm GrayHash, who goes by @beist on Twitter, has been blocked. That’s important because it made it possible for apps to gain root permissions without requiring a password; even more
concerning was that it had started to appear in the wild. In addition, previous versions of the Unix sudo utility included in OS X could allow an attacker access to arbitrary files — that’s a bad thing.

If you have trouble installing via the App Store app, try the combo updater — I’ve seen some reports of installations failing to complete and retrying repeatedly.

iOS 8.4.1 — For those using an iPhone or iPad, iOS 8.4.1 focuses its attention on six fixes related to Apple Music:

  • Resolves issues that could prevent turning on iCloud Music Library

  • Resolves an issue that hides added music because Apple Music was set to show offline music only

  • Provides a way to add songs to a new playlist if there aren’t any playlists to choose from

  • Resolves an issue that may show different artwork for an album on other devices

  • Resolves several issues for artists while posting to Connect

  • Fixes an issue where tapping Love doesn’t work as expected while listening to Beats 1

But don’t get the impression you can pass on installing iOS 8.4.1 if you don’t use Apple Music. As with OS X 10.10.5, there are oodles of security fixes — 43 all told. None are particularly notable.

As always, you can install iOS 8.4.1 from Settings > General > Software Update on your device, or by connecting it to iTunes.

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About OS X 10.10.5 Yosemite and iOS 8.4.1 Address Numerous Security Holes