OS X Yosemite 10.10.5 Released — Fixing Numerous Security Holes

Posted on August 14th, 2015 by

Apple has issued an update to the OS X Yosemite operating system, bringing it up to version 10.10.5.

Although many users will appreciate bug fixes that the company has incorporated into new versions of its Mail, Photos, and QuickTime Player apps, what will interest readers of this blog the most will be the security patches that Apple has rolled out.

Amongst the numerous security fixes incorporated into this update are fixes for issues with WebKit, Safari, Apache, Bluetooth, Kernel, and QuickTime 7.

One of the highest profile security holes patched in the OS X 10.10.5 update is the DYLD_PRINT_TO_FILE privilege escalation exploit, through which a malicious hacker who has already broken into your computer could give themselves system-level powers to cause further harm.

Security researcher Stefan Esser published details of the vulnerability alongside proof-of-concept code before telling Apple about the flaw, and in the days that followed we began to see in-the-wild attacks exploiting the security hole.

It's good to see that Apple has now managed to fix this issue, before more harm is done, rather than waiting until the public release of OS X 10.11 El Capitan.

Sadly, there is no sign in this update of a fix to the so-called Thunderstrike 2 vulnerability, for which security researchers created a proof-of-concept worm to demonstrate how it could spread between MacBooks, infecting firmware.

The typical user might not need to lose much sleep over Thunderstrike 2 just yet, as the research has all been done by members of the security community rather than criminal hackers, and there is no evidence that the vulnerability is being maliciously exploited.

All the same, the hysteria over hard-to-detect UEFI chip-infecting malware has hopefully reminded Mac users that they are not magically immune from malware threats, and that it makes sense for them to run an anti-virus program.

Fingers crossed, Apple will release a proper fix for Thunderstrike 2 sooner rather than later.

And, by the way, if you're not running OS X Yosemite on your Mac, don't think that you don't have any updating to do.

OS X Mavericks and Mountain Lion users should ensure that they update Safari against a host of security vulnerabilities, even if they aren't ready or aren't able to make the jump to OS X 10.10.5. These flaws include remote code execution exploits and a security hole that could assist online criminals in phishing information from unsuspecting users.

If you're ready to install OS X Yosemite 10.10.5, enter the App Store app and click on the Updates tab.

Once there, you should see the update if it is available to you, and all you should need to do is click the "Update" button to begin the installation.

To complete the installation, you will have to restart your Mac, so I would recommend choosing a convenient time of day so your work isn't disrupted too much.

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley.
  • OhioNick

    I have a late ’09 MacBook with 10.10.5 and have been seeing lockup issues with both Safari and Firefox. I’ve gone through and run a repair on permissions and am now able to use the system. I checked for core files and none exist. It would take a hard shutdown to bring the system back to life. The last time, after it came back, I immediately shut it down via the login screen and then ran the permissions repair.
    I have about 65gb left on my 256gb drive and perform regular backups.
    I run 8gb RAM which has never been an issue.
    Any clues? This has just begun since upgrading to 10.10.5.
    Thx!

  • Matt Anderson

    This update totally messed up my Bluetooth. Won’t discover or connect to the mouse. Says it is on but icon shows it is off.

    Any thoughts?

    • http://ingjermedia.no/ Per-Erik Ingjer

      My bluetooth keyboard went apeshit with this update. Keeps messing up and holding down last pressed key etc.
