Security Update 2015-002 (Mountain Lion, Mavericks, and Yosemite)
Apple has released Security Update 2015-002 for OS X 10.8 Mountain Lion, 10.9 Mavericks, and 10.10 Yosemite. Most noteworthy is the fix for the FREAK vulnerability (short for Factoring RSA Export Keys), which could enable an attacker to intercept SSL/TLS-encrypted traffic and then access or alter communications between the client and server. Security Update 2015-002 also addresses a vulnerability in IOAcceleratorFamily and IOSurface’s handling of serialized objects for all three operating systems. For Yosemite, the Security Update patches the leaking of kernel addresses and heap permutation values from the mach_port_kobject kernel interface and improves bounds checking in iCloud Keychain to address multiple buffer overflows. Security Update 2015-002 is available via Software Update or via direct download from Apple’s Support Downloads Web site. Note that there are two updates available for 10.10 Yosemite — one for Early 2015 Macs (i.e., those announced last week; see “New 12-inch MacBook Joins Updated MacBook Air and MacBook Pro,” 9 March 2015) and one for older Macs. (Free. For 10.8 Mountain Lion, 177.3 MB; for 10.9 Mavericks, 62.3 MB; for 10.10.2 Yosemite, 5.4 MB; and for Yosemite on Early 2015 Macs, 5 MB)
I have installed the Photos beta on my MBA for testing, and it appears that I don't get the security update on that system. I could download the update directly and try to install it, but that sounds like a bad idea. So, I guess I wait for the "official" update to arrive (next month?) for this system.
This latest update was unusual - one iMac got the update without problems, the other wanted me to "set up" my Mac after the install - and also installed Pages, Numbers, and Keynote updates that had been released in January, and updated iMovie with exactly the same update for a second time. This is really getting flaky.
It's likely that Apple would build the security updates into the next beta, if they aren't already there. But yes, this is one of the downsides of beta testing... :-(