
Forget Emojis, Security is the Real Reason You Should Update to OS X 10.10.3

Posted on April 9th, 2015 by

OS X users — it's time to patch your computers.

Many people will be updating their iMac desktops and MacBooks to take advantage of hundreds of new emojis and Apple's long-awaited replacement for iPhoto (imaginatively entitled Photos), but there are more serious reasons why you should be considering freshening your installation of OS X.

Whether or not you are interested in upgrading to OS X Yosemite 10.10.3, there are Apple security updates waiting for you.

In all, Apple has released patches addressing 80-or-so different security issues — the worst of which could allow an attacker to run malicious code (such as a worm) on your Mac.

Other patches include important fixes for OpenSSL, which reportedly will prevent hackers from intercepting what should be secure communications between Macs and Internet sites and services.

It's a sign of the times that many of the security vulnerabilities were not found by Apple itself, but by third-party researchers working for other companies.

For instance, Yahoo discovered a privilege escalation vulnerability in an Nvidia OS X kernel driver that ships with OS X.

Kenton Varda, a researcher at sandstorm.io, shared some details of one of the kernel vulnerabilities that Apple patched, and how it could have been used to crash the likes of Chrome, Node.js and other apps by sending them into infinite loops.

In his write-up of the flaw, Varda bemoans that Apple's description of the vulnerability was "terse," and goes into some detail of how he discovered it and his appreciation that it has now been fixed.

"Arguably the worst / most interesting part of this problem is that it was a problem inherent in the API. Technically it was not that the kernel was buggy, but that the interface was confusing (and underdocumented) in a way that caused the same bug to manifest in several different apps."

And no write-up of the security fixes in this Apple update would be complete without mentioning Google's contribution.

Researchers at Google Project Zero — who have courted controversy in recent months with a series of announcements about unpatched security flaws in other vendors' software — were credited by Apple for finding numerous security holes in OS X that are fixed in this update.

Updating Yosemite

Even if you haven't made the switch to OS X Yosemite yet, you're still advised to check out Apple Security Update 2015-004 as it will help you patch earlier versions of OS X (Mavericks and Mountain Lion).

In parallel, Apple released important privacy and security updates for Safari, as well as sneaking a hefty number of security fixes into iOS 8.3 for users of iPhones and iPads.

Even if you're a curmudgeon like me who doesn't understand the appeal of emojis, don't disregard this new update from Apple.

Install it for security reasons, or you'll be the one left without a smiley face.

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley.
  • Mr. Joe

    I have a late 2010 MacBook Air, tried Yosemite and had to realize that this older MacBook becomes basically useless since Yosemite seems to take such a huge toll on its performance.

    Is there a way to update to Unicode 7.0 Emojis without having to upgrade the entire fri*king Operating System?