Patch/Configuration Management, Vulnerability Management

Apple OS X Yosemite contains bug fixes, Security Update also released

Apple's Thursday launch of OS X Yosemite 10.10 includes fixes for more than 40 vulnerabilities, including a flaw known as POODLE, which can enable an attacker to decrypt data protected by SSL, and another known as Shellshock, or Bash bug, which can allow a remote attacker to execute arbitrary shell commands.

Among the other vulnerabilities being addressed in Yosemite 10.10 are a buffer overflow in QuickTime that can enable arbitrary code execution, two issues in Safari and one flaw in Bluetooth, as well as other bugs that can enable theft of WiFi credentials, denial-of-service and more.

For those who are not upgrading to Yosemite just yet, Apple released Security Update 2014-005 for OS X Mountain Lion and OS X Mavericks on Thursday, which also contains fixes for POODLE and Shellshock.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.