Apple has patched two security bugs (CVEs) in OS X Yosemite today with the release of Security Update 2015-003. The security update addresses flaws in iCloud Keychain in Apple OS X through 10.10.2, as well as other flaws related to arbitrary code execution affecting IOSurface.
Security Update 2015-003 is available for OS X Yosemite 10.10.2.
Apple’s security notice describes the patched vulnerabilities as follows:
OS X Yosemite users can update through Apple’s Software Update tool by choosing Apple menu > Software Update when you’re ready to install, or you can go directly to Apple’s support page to download the updates from there.
Note that Security Update 2015-003 also includes the content of Security Update 2015-002, which offered patches for the FREAK vulnerability for OS X, Apple TV and iOS.