Security Update 2015-002 (Mountain Lion, Mavericks, and Yosemite)

Apple has released Security Update 2015-002 for OS X 10.8 Mountain Lion, 10.9 Mavericks, and 10.10 Yosemite. Most noteworthy is the fix for the FREAK vulnerability (short for Factoring RSA Export Keys), which could enable an attacker to intercept SSL/TLS-encrypted traffic and then access or alter communications between the client and server. Security Update 2015-002 also addresses a vulnerability in IOAcceleratorFamily and IOSurface’s handling of serialized objects for all three operating systems. For Yosemite, the Security Update patches leaking kernel addresses and heap permutation values from the mach_port_kobject kernel interface and improves bounds checking for iCloud
Keychain to contain multiple buffer overflows. Security Update 2015-002 is available via Software Update or via direct download from Apple’s Support Downloads Web site. Note that there are two updates available for 10.10 Yosemite — one for Early 2015 Macs (i.e., those announced last week; see “New 12-inch MacBook Joins Updated MacBook Air and MacBook Pro,” 9 March 2015) and one for older Macs. (Free. For 10.8 Mountain Lion, 177.3 MB; for 10.9 Mavericks, 62.3 MB; for 10.10.2 Yosemite, 5.4 MB; and for Yosemite on Early 2015 Macs, 5 MB)