Apple today released Security Update 2015–003 1.0 for users who are running the current publicly available version of Yosemite, OS X 10.10.2. The update includes fixes for iCloud Keychain and an issue that could allow malicious applications to execute code.
- Security Update 2015-003 Yosemite
- Security Update 2015-003 Yosemite (Early 2015 Mac)
Apple recommends that all users download the update, which can be acquired through the Software Update tool in the Mac App Store, or through the links below. According to Apple, the update "improves the security of OS X." There are two different versions available, one for early 2015 Macs and one for earlier Macs.
iCloud Keychain
Available for: OS X Yosemite v10.10.2
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: Multiple buffer overflows existed in the handling of
data during iCloud Keychain recovery. These issues were addressed
through improved bounds checking.
CVE-ID
CVE-2015-1065 : Andrey Belenko of NowSecureIOSurface
Available for: OS X Yosemite v10.10.2
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A type confusion issue existed in IOSurface's handling
of serialized objects. The issue was addressed through additional
type checking.
CVE-ID
CVE-2015-1061 : Ian Beer of Google Project Zero
Today's security update comes 10 days after Apple issued Security Update 2015–002 designed to fix the “FREAK” security flaw that left many devices vulnerable to hacking attempts.
Top Rated Comments
The nvidia drivers look for a specific compatible OS build number.
Hmm, one of the dylib's has "coretls" in the name, could be related to the OpenSSL security flaws announced recently?
http://www.openssl.org/news/secadv_20150319.txt
Seems to me there are no Graphics extensions updated.