Apple has issued an update to the OS X Yosemite operating system, bringing it up to version 10.10.5.
Although many users will appreciate bug fixes that the company has incorporated into new versions of its Mail, Photos, and QuickTime Player apps, what will interest readers of this blog the most will be the security patches that Apple has rolled out.
Amongst the numerous security fixes incorporated into this update are fixes for issues with WebKit, Safari, Apache, BlueTooth, Kernel, and QuickTime 7.
One of the highest profile security holes patched in the OS X 10.10.5 update is the DYLD_PRINT_TO_FILE privilege escalation exploit, through which a malicious hacker who has already broken into your computer could give themselves system-level powers to cause further harm.
Security researcher, Stefan Esser, published details of the vulnerability alongside proof-of-concept code before telling Apple about the flaw, and in the days that followed we began to see in-the-wild attacks exploiting the security hole.
It’s good to see that Apple has now managed to fix this issue, before more harm is done, rather than waiting until the public release of OS X 10.11 El Capitan.
Sadly, there is no sign in this update of a fix to the so-called Thunderstrike 2 vulnerability, for which security researchers created a proof-of-concept worm to demonstrate how it could spread between MacBooks, infecting firmware.
The typical user might not need to lose much sleep over Thunderstrike 2 just yet, as the research has all been done by members of the security community rather than criminal hackers, and there is no evidence that the vulnerability is being maliciously exploited.
All the same the hysteria over hard-to-detect UEFI chip-infecting malware has hopefully reminded Mac users that they are not magically immune from malware threats, and that it makes sense for them to run an anti-virus program.
Fingers crossed, Apple will release a proper fix for Thunderstrike 2 sooner rather than later.
And, by the way, if you’re not running OS X Yosemite on your Mac don’t think that you don’t have any updating to do.
OS X Mavericks and Mountain Lion users should ensure that they update Safari against a host of security vulnerabilities, even if they aren’t ready or aren’t able to make the jump to OS X 10.10.5. These flaws include remote code execution exploits and a security hole that could assist online criminals in phishing information from unsuspecting users.
Once there, you should see the update if it is available to you, and all you should need to do is click the “Update” button to begin the installation.
To complete the installation, you will have to restart your Mac, so I would recommend choosing a convenient time of day so your work isn’t disrupted too much.