Apple + Security News

OS X Yosemite 10.10.1 Update Patches Four Flaws

This week, along with iOS 8.1.1 and Apple TV 7.0.2, Apple released OS X Yosemite 10.10.1 offering stability enhancements, security updates, and other bug fixes. The update for the Mac operating system patches four security flaws altogether, addressing privacy flaws and a vulnerability related to arbitrary code execution.

This update is available for OS X Yosemite 10.10.

In addition to security bug fixes, Yosemite 10.10.1 includes stability enhancements and addresses Wi-Fi reliability issues, as described by Joseph Keller over at iMore:

This update fixes Wi-Fi issues with Yosemite, as well as connections with Microsoft Exchange servers. Additionally, sending messages from certain email providers is now more reliable, and so is connecting to a remote computer via Back to My Mac.

OS X Yosemite 10.10.1 addresses the following vulnerabilities, according to Apple’s security notice:

  • CVE-2014-4460: Website cache may not be fully cleared after leaving private browsing. A privacy issue existed where browsing data could remain in the cache after leaving private browsing. This issue was addressed through a change in caching behavior.
  • CVE-2014-4453: Unnecessary information is included as part of the initial connection between Spotlight or Safari and the Spotlight Suggestions servers. The initial connection made by Spotlight or Safari to the Spotlight Suggestions servers included a user’s approximate location before a user entered a query. This issue was addressed by removing this information from the initial connection and only sending the user’s approximate location as part of queries.
  • CVE-2014-4458: Unnecessary information is included as part of a connection to Apple to determine the system model. The request made by About This Mac to determine the model of the system and direct users to the correct help resources included unnecessary cookies. This issue was addressed by removing cookies from the connection.
  • CVE-2014-4459: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. A use after free issue existed in the handling of page objects. This issue was addressed through improved memory management.

OS X Yosemite Mac users can upgrade to Yosemite 10.10.1 from the Apple menu > Software Update, or by opening the Mac App Store and clicking the Update icon at the top right.