The Mac Security Blog

Forget Emojis, Security is the Real Reason You Should Update to OS X 10.10.3


OS X users — it’s time to patch your computers.

Many people will be updating their iMac desktops and MacBooks to take advantage of hundreds of new emojis and Apple’s long-awaited replacement for iPhoto (imaginatively entitled Photos), but there are more serious reasons why you should be considering freshening your installation of OS X.

Whether or not you are interested in upgrading to OS X Yosemite 10.10.3, there are Apple security updates waiting for you.

In all, Apple has released patches addressing 80-or-so different security issues — the worst of which could allow an attacker to run malicious code (such as a worm) on your Mac.

Other updates include important fixes for OpenSSL, which reportedly will prevent hackers from intercepting what should be secure communications between Macs and Internet sites and services.

It’s a sign of the times that many of the security vulnerabilities were not found by Apple itself, but by third-party researchers working for other companies.

For instance, Yahoo discovered a privilege escalation vulnerability in an Nvidia OS X kernel driver that ships with OS X.

Kenton Varda, a researcher at sandstorm.io, shared some details of one of the kernel vulnerabilities that Apple patched, and how it could have been used to crash the likes of Chrome, Node.js and other apps by sending them into infinite loops.

In his write-up of the flaw, Varda bemoans that Apple’s description of the vulnerability was “terse,” and goes into some detail of how he discovered it and his appreciation that it has now been fixed.

“Arguably the worst / most interesting part of this problem is that it was a problem inherent in the API. Technically it was not that the kernel was buggy, but that the interface was confusing (and underdocumented) in a way that caused the same bug to manifest in several different apps.”

And no write-up of the security fixes in this Apple update would be complete without mentioning Google’s contribution.

Researchers at Google Project Zero — who have courted controversy in recent months with a series of announcements about unpatched security flaws in other vendors’ software — were credited by Apple for finding numerous security holes in OS X that are fixed in this update.

Even if you haven’t made the switch to OS X Yosemite yet, you’re still advised to check out Apple Security Update 2015-004 as it will help you patch earlier versions of OS X (Mavericks and Mountain Lion).

In parallel, Apple released important privacy and security updates for Safari, as well as sneaking a hefty number of security fixes into iOS 8.3 for users of iPhones and iPads.

Even if you’re a curmudgeon like me who doesn’t understand the appeal of emojis, don’t disregard this new update from Apple.

Install it for security reasons, or you’ll be the one left without a smiley face.
