Apple today released Security Update 2015–003 1.0 for users who are running the current publicly available version of Yosemite, OS X 10.10.2. The update includes fixes for iCloud Keychain and an issue that could allow malicious applications to execute code.



- Security Update 2015-003 Yosemite

- Security Update 2015-003 Yosemite (Early 2015 Mac)

Apple recommends that all users download the update, which can be acquired through the Software Update tool in the Mac App Store, or through the links below. According to Apple, the update "improves the security of OS X." There are two different versions available, one for early 2015 Macs and one for earlier Macs.

iCloud Keychain

Available for: OS X Yosemite v10.10.2

Impact: An attacker with a privileged network position may be able

to execute arbitrary code

Description: Multiple buffer overflows existed in the handling of

data during iCloud Keychain recovery. These issues were addressed

through improved bounds checking.

CVE-ID

CVE-2015-1065 : Andrey Belenko of NowSecure IOSurface

Available for: OS X Yosemite v10.10.2

Impact: A malicious application may be able to execute arbitrary

code with system privileges

Description: A type confusion issue existed in IOSurface's handling

of serialized objects. The issue was addressed through additional

type checking.

CVE-ID

CVE-2015-1061 : Ian Beer of Google Project Zero

Today's security update comes 10 days after Apple issued Security Update 2015–002 designed to fix the “FREAK” security flaw that left many devices vulnerable to hacking attempts.