OS X 10.10.5 Yosemite Update Available Now

Aug 13, 2015 - 60 Comments

Apple has released OS X 10.10.5 Yosemite to Mac users. The update aims to “improve the stability, compatibility, and security of your Mac” and is therefore recommended for all users to install on their hardware running OS X Yosemite. The release notes accompanying the update are brief, but the update includes several important security fixes, which make 10.10.5 particularly important to install.


Users running prior versions of OS X Yosemite can find the update available now in the Mac App Store Updates section, accessible through the Apple menu. The download weighs in at around 1GB and requires a reboot to complete installation. As usual, complete a backup of the Mac before installing any system software updates or changes.

Yosemite users who skipped the OS X 10.10.4 update will find the OS X 10.10.5 update available to download as a larger “Combined” update, which includes the necessary changes and adjustments from the prior release.

OS X Yosemite 10.10.5 Release Notes

The release notes accompanying the download are as follows:

The OS X Yosemite 10.10.5 update improves the stability, compatibility, and security of your Mac, and is recommended for all users.

This update:
• Improves compatibility with certain email servers when using Mail
• Fixes an issue in Photos that prevented importing videos from GoPro cameras
• Fixes an issue in QuickTime Player that prevented playback of Windows Media files

Those who follow security news will be interested to know that the security notes accompanying the update mention that the DYLD exploit has been patched: “A path validation issue existed in dyld. This was addressed through improved environment sanitization.” Further details about the security-specific changes can be found here at Apple.com.

With the release of OS X El Capitan 10.11 expected to arrive next month, this will likely be the last update of OS X Yosemite before then.

Separately, Apple has also released the iTunes 12.2.2 update, iOS 8.4.1, and a “Security Update 2015-006” for users running OS X Mavericks and OS X Mountain Lion.

Posted by: Paul Horowitz in Mac OS X, News

60 Comments

  1. Poet says:

    Has anyone had any problems installing OS X 10.10.5 or is it good to go? Maybe I will just wait for OS X El Capitan next month, what do you think?

    • DCJ001 says:

      El Capitan will not be released next month. If you wait for it, you will need to wait longer.

    • Ryan says:

      And usually OS X doesn’t get to a usable state until its .1 / .2 minor releases – so I wouldn’t expect El Capitan to be as stable as Yosemite right now before end of year.

      • Starting with Jaguar, every version of OS X has been usable for me. That’s an awful broad statement to make. If it doesn’t work for you, fine, but let’s not draw that conclusion for everyone else. For the most part, Mac users don’t have to fear updating like Windows users do.

        • Patrick says:

          Exactly. What a narrow minded statement, Ryan.

        • phred says:

          He is right.

          I bought a MacBook with OS-X 10.10.2. It has been gathering dust over the lack of usability until just recently. Now I have 10.10.5. I will likely never go to 10.11.x. If 10.10.x becomes unusable, I will just install Linux. OS-X has too many problems.

        • BLuvin says:

          I just installed 10.10.5 with a new Nvidia card on my Mac Pro. Love it to death, much more than any Windows system that I own. Updates are far less concerning in OS X if you just do a little research, but so many things can go wrong in Windows that I don’t have the time to make it my primary OS. Hoping Windows X is better. Regardless, blindly updating to any first edition of new software is like joining the beta team no matter which company made it. Backup, backup, backup – no matter what the upgrade or develop the skills to retrieve your info as necessary.

      • Patrick says:

        I have performed a clean install of every version since OS X 10.3. I have never seen any of the issues people report. It likely has something to do with some software they installed. My installs are always flawless. I haven’t had a kernel panic in over a decade.

        • SecOps says:

          All you have to do is look at the thousands of forum posts on Apple Support Discussion Boards and comments left on websites like this to know that OS X updates and iOS updates are failing far more often than ever before. There was a time I would run software update without thinking about it, that passed a few years ago and now I wait a few days, and if the smoke clears, back up, then run the update.

        • JZ says:

          Patrick,
          I’ve always installed the updates with no issues. This one seems to be having an issue. It says restart is required, but when I click to restart it gives me the error message “updates have changed, click ‘show details’ to see the available updates”. When I click “show details” it brings me back to the update page that says restart is required. Seems like a loop I cannot get out of. Any suggestions for me? Thank you, in advance!

          • Elaine says:

            I’m stuck in the same loop, “needs to restart,” then “Updates have changed.” Any help will be appreciated.

        • Robert says:

          Patrick, I fully accept that your experience of OS X in its many flavours has been utopian – it must be wonderful and, were I you, I’d be buying lottery tickets by the bucketload. Can you, however, accept that there are many, many users who are – and have been since Mavericks – experiencing WiFi dropouts that render their expensive purchases next to useless? There are way too many dissenters on the forums for this to be anything other than a software related issue – it is NOT third party software, routers or rogue hardware.

          Apple needs to expend way more energy on distributing clean software and less on the seemingly relentless search for the next killer i whateverthehell product…I, and many others, have experienced excruciating wifi issues from Mavericks onwards and anyone who expects El Cap to be a modern, stable equivalent of Mountain Lion is making a big leap of faith.

    • Simply update via bash!
      1- Open terminal
      2- Type “softwareupdate -i -a” without quotes, then press Enter
      3- Have a coffee :)

    • Eric says:

      It will stop nVIDIA’s drivers (from their website) from working… found out the hard way, auto updates are NOT a good idea.

    • John says:

      Wait for El Capitan, this update is horrible.

      • Patrick says:

        Says one person, you. For MILLIONS of others, it’s just fine.

      • SecOps says:

        I’d wait for OS X El Capitan 10.11.1, the first version will be a buggy dud like usual with OS X .0 releases. In that sense, this being the .5 release is almost certainly more reliable than El Capitan early versions will be, the current beta is sluggish and crashprone, and the final is due out in a month…

    • adrian says:

      I have a problem on a MacBook Pro late 2011: can’t control volume keys.

    • Richard Chick says:

      I am simply unable to install 10.10.5 on my early 2008 Mac Pro. I started with auto update and the install hung after rebooting with displays on blank white. I then did an option reboot and selected install to get a full clean install. It hung again in the same state. I then did a disk test which it passed. I am now rebooting on another drive with 10.10.4. I’ve been waiting to buy a new Mac Pro but this is disappointing.

  2. Rob says:

    Installed 10.10.5 on my 2011 27″ iMac and 2012 Mac Mini, no trouble at all after indexing was finished.

  3. Eldon Martino says:

    I have a 2010 model. Will OS X 10.10.5 work on my laptop?

    • Pixelgraph says:

      I’d say yes, most 2010 laptops will work.

    • Goat Queso says:

      If you have 8GB of RAM and an SSD sure, otherwise it will run slow. I put Yosemite on a 2011 MacBook Air and it turned it into the slowest Mac in the house. Mavericks runs way faster. El Capitan could be good eventually, who knows.

  4. Adnan says:

    I have a problem installing 10.10.5. The install completes fine, but upon restart ‘About this Mac’ still shows I’m on 10.10.4. The App Store also continues to show I have the 10.10.5 update to be installed. This never happened before with 10.10.4 or earlier releases.

  5. FarmerBob says:

    No issues on my 2008 MacPro OctaCore. Although I have been Beta Testing. I have found this release to be a little more responsive than the Beta. Just wish that I could Hide the iTunes update in the App Store. I’m running 11.4 and am more than happy with it. Have 12.x.x on my ElCap install and it’s horrible. Well after iTunes 10.x it got flat and restrictive.
    So . . .

    Am DLing the Combo and will be rerunning it over the whole install to “freshen” it up.

  6. WiFi Junkie says:

    They did something to tweak the WiFi. I live in a housing plan and used to see about 8 wireless connections. I am now seeing over 250 wireless networks available! One of them is my friend’s and he lives about 4 miles away. So many choices now and so little time…

  7. SecOps says:

    Full security notes for OS X 10.10.5 Yosemite are shown below:

    —-

    About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006
    This document describes the security content of OS X Yosemite v10.10.5 and Security Update 2015-006.
    For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
    For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.
    Where possible, CVE IDs are used to reference the vulnerabilities for further information.
    To learn about other security updates, see Apple security updates.
    OS X Yosemite v10.10.5 and Security Update 2015-006
    apache
    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most serious of which may allow a remote attacker to cause a denial of service.
    Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These were addressed by updating Apache to version 2.4.16.
    CVE-ID
    CVE-2014-3581
    CVE-2014-3583
    CVE-2014-8109
    CVE-2015-0228
    CVE-2015-0253
    CVE-2015-3183
    CVE-2015-3185
    apache_mod_php
    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Multiple vulnerabilities existed in PHP 5.5.20, the most serious of which may lead to arbitrary code execution.
    Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.20. These were addressed by updating Apache to version 5.5.27.
    CVE-ID
    CVE-2015-2783
    CVE-2015-2787
    CVE-2015-3307
    CVE-2015-3329
    CVE-2015-3330
    CVE-2015-4021
    CVE-2015-4022
    CVE-2015-4024
    CVE-2015-4025
    CVE-2015-4026
    CVE-2015-4147
    CVE-2015-4148
    Apple ID OD Plug-in
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to change the password of a local user
    Description: In some circumstances, a state management issue existed in password authentication. The issue was addressed through improved state management.
    CVE-ID
    CVE-2015-3799 : an anonymous researcher working with HP’s Zero Day Initiative
    AppleGraphicsControl
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to determine kernel memory layout
    Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking.
    CVE-ID
    CVE-2015-5768 : JieTao Yang of KeenTeam
    Bluetooth
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A local user may be able to execute arbitrary code with system privileges
    Description: A memory corruption issue existed in IOBluetoothHCIController. This issue was addressed through improved memory handling.
    CVE-ID
    CVE-2015-3779 : Teddy Reed of Facebook Security
    Bluetooth
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to determine kernel memory layout
    Description: A memory management issue could have led to the disclosure of kernel memory layout. This issue was addressed with improved memory management.
    CVE-ID
    CVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze Networks
    Bluetooth
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious app may be able to access notifications from other iCloud devices
    Description: An issue existed where a malicious app could access a Bluetooth-paired Mac or iOS device’s Notification Center notifications via the Apple Notification Center Service. The issue affected devices using Handoff and logged into the same iCloud account. This issue was resolved by revoking access to the Apple Notification Center Service.
    CVE-ID
    CVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security Lab (Indiana University), Tongxin Li (Peking University), XiaoFeng Wang (Indiana University)
    Bluetooth
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: An attacker with privileged network position may be able to perform denial of service attack using malformed Bluetooth packets
    Description: An input validation issue existed in parsing of Bluetooth ACL packets. This issue was addressed through improved input validation.
    CVE-ID
    CVE-2015-3787 : Trend Micro
    Bluetooth
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
    Description: Multiple buffer overflow issues existed in blued’s handling of XPC messages. These issues were addressed through improved bounds checking.
    CVE-ID
    CVE-2015-3777 : mitp0sh of [PDX]
    bootp
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed
    Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks.
    CVE-ID
    CVE-2015-3778 : Piers O’Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project)
    CloudKit
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to access the iCloud user record of a previously signed in user
    Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling.
    CVE-ID
    CVE-2015-3782 : Deepkanwal Plaha of University of Toronto
    CoreMedia Playback
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: Memory corruption issues existed in CoreMedia Playback. These were addressed through improved memory handling.
    CVE-ID
    CVE-2015-5777 : Apple
    CVE-2015-5778 : Apple
    CoreText
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
    CVE-ID
    CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team
    CoreText
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
    CVE-ID
    CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team
    curl
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Multiple vulnerabilities in cURL and libcurl prior to 7.38.0, one of which may allow remote attackers to bypass the Same Origin Policy.
    Description: Multiple vulnerabilities existed in cURL and libcurl prior to 7.38.0. These issues were addressed by updating cURL to version 7.43.0.
    CVE-ID
    CVE-2014-3613
    CVE-2014-3620
    CVE-2014-3707
    CVE-2014-8150
    CVE-2014-8151
    CVE-2015-3143
    CVE-2015-3144
    CVE-2015-3145
    CVE-2015-3148
    CVE-2015-3153
    Data Detectors Engine
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Processing a sequence of unicode characters can lead to an unexpected application termination or arbitrary code execution
    Description: Memory corruption issues existed in processing of Unicode characters. These issues were addressed through improved memory handling.
    CVE-ID
    CVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)
    Date & Time pref pane
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Applications that rely on system time may have unexpected behavior
    Description: An authorization issue existed when modifying the system date and time preferences. This issue was addressed with additional authorization checks.
    CVE-ID
    CVE-2015-3757 : Mark S C Smith
    Dictionary Application
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: An attacker with a privileged network position may be able to intercept users’ Dictionary app queries
    Description: An issue existed in the Dictionary app, which did not properly secure user communications. This issue was addressed by moving Dictionary queries to HTTPS.
    CVE-ID
    CVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team
    DiskImages
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges
    Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling.
    CVE-ID
    CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team
    dyld
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A local user may be able to execute arbitrary code with system privileges
    Description: A path validation issue existed in dyld. This was addressed through improved environment sanitization.
    CVE-ID
    CVE-2015-3760 : beist of grayhash, Stefan Esser
    FontParser
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
    CVE-ID
    CVE-2015-3804 : Apple
    CVE-2015-5775 : Apple
    FontParser
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
    CVE-ID
    CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team
    groff
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Multiple issues in pdfroff
    Description: Multiple issues existed in pdfroff, the most serious of which may allow arbitrary filesystem modification. These issues were addressed by removing pdfroff.
    CVE-ID
    CVE-2009-5044
    CVE-2009-5078
    ImageIO
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue existed in the processing of TIFF images. This issue was addressed through improved bounds checking.
    CVE-ID
    CVE-2015-5758 : Apple
    ImageIO
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Visiting a maliciously crafted website may result in the disclosure of process memory
    Description: An uninitialized memory access issue existed in ImageIO’s handling of PNG and TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of PNG and TIFF images.
    CVE-ID
    CVE-2015-5781 : Michal Zalewski
    CVE-2015-5782 : Michal Zalewski
    Install Framework Legacy
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to execute arbitrary code with root privileges
    Description: An issue existed in how Install.framework’s ‘runner’ binary dropped privileges. This issue was addressed through improved privilege management.
    CVE-ID
    CVE-2015-5784 : Ian Beer of Google Project Zero
    Install Framework Legacy
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to execute arbitrary code with system privileges
    Description: A race condition existed in Install.framework’s ‘runner’ binary that resulted in privileges being incorrectly dropped. This issue was addressed through improved object locking.
    CVE-ID
    CVE-2015-5754 : Ian Beer of Google Project Zero
    IOFireWireFamily
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A local user may be able to execute arbitrary code with system privileges
    Description: Memory corruption issues existed in IOFireWireFamily. These issues were addressed through additional type input validation.
    CVE-ID
    CVE-2015-3769 : Ilja van Sprundel
    CVE-2015-3771 : Ilja van Sprundel
    CVE-2015-3772 : Ilja van Sprundel
    IOGraphics
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to execute arbitrary code with system privileges
    Description: A memory corruption issue existed in IOGraphics. This issue was addressed through additional type input validation.
    CVE-ID
    CVE-2015-3770 : Ilja van Sprundel
    CVE-2015-5783 : Ilja van Sprundel
    IOHIDFamily
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A local user may be able to execute arbitrary code with system privileges
    Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling.
    CVE-ID
    CVE-2015-5774 : TaiG Jailbreak Team
    Kernel
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to determine kernel memory layout
    Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface.
    CVE-ID
    CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam
    Kernel
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to execute arbitrary code with system privileges
    Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments.
    CVE-ID
    CVE-2015-3768 : Ilja van Sprundel
    Kernel
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A local user may be able to cause a system denial of service
    Description: A resource exhaustion issue existed in the fasttrap driver. This was addressed through improved memory handling.
    CVE-ID
    CVE-2015-5747 : Maxime VILLARD of m00nbsd
    Kernel
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A local user may be able to cause a system denial of service
    Description: A validation issue existed in the mounting of HFS volumes. This was addressed by adding additional checks.
    CVE-ID
    CVE-2015-5748 : Maxime VILLARD of m00nbsd
    Kernel
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to execute unsigned code
    Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation.
    CVE-ID
    CVE-2015-3806 : TaiG Jailbreak Team
    Kernel
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A specially crafted executable file could allow unsigned, malicious code to execute
    Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files.
    CVE-ID
    CVE-2015-3803 : TaiG Jailbreak Team
    Kernel
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A local user may be able to execute unsigned code
    Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks.
    CVE-ID
    CVE-2015-3802 : TaiG Jailbreak Team
    CVE-2015-3805 : TaiG Jailbreak Team
    Kernel
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges
    Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling.
    CVE-ID
    CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany
    Kernel
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A local user may be able to execute arbitrary code with system privileges
    Description: A path validation issue existed. This was addressed through improved environment sanitization.
    CVE-ID
    CVE-2015-3761 : Apple
    Libc
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution
    Description: Memory corruption issues existed in the TRE library. These were addressed through improved memory handling.
    CVE-ID
    CVE-2015-3796 : Ian Beer of Google Project Zero
    CVE-2015-3797 : Ian Beer of Google Project Zero
    CVE-2015-3798 : Ian Beer of Google Project Zero
    Libinfo
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
    Description: Memory corruption issues existed in handling AF_INET6 sockets. These were addressed by improved memory handling.
    CVE-ID
    CVE-2015-5776 : Apple
    libpthread
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to execute arbitrary code with system privileges
    Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking.
    CVE-ID
    CVE-2015-5757 : Lufeng Li of Qihoo 360
    libxml2
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service
    Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2.
    CVE-ID
    CVE-2012-6685 : Felix Groebert of Google
    CVE-2014-0191 : Felix Groebert of Google
    libxml2
    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
    Description: A memory access issue existed in libxml2. This was addressed by improved memory handling
    CVE-ID
    CVE-2014-3660 : Felix Groebert of Google
    libxml2
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
    Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling.
    CVE-ID
    CVE-2015-3807 : Apple
    libxpc
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to execute arbitrary code with system privileges
    Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking.
    CVE-ID
    CVE-2015-3795 : Mathew Rowley
    mail_cmds
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A local user may be able to execute arbitrary shell commands
    Description: A validation issue existed in the mailx parsing of email addresses. This was addressed by improved sanitization.
    CVE-ID
    CVE-2014-7844
    Notification Center OSX
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A malicious application may be able to access all notifications previously displayed to users
    Description: An issue existed in Notification Center, which did not properly delete user notifications. This issue was addressed by correctly deleting notifications dismissed by users.
    CVE-ID
    CVE-2015-3764 : Jonathan Zdziarski
    ntfs
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A local user may be able to execute arbitrary code with system privileges
    Description: A memory corruption issue existed in NTFS. This issue was addressed through improved memory handling.
    CVE-ID
    CVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze Networks
    OpenSSH
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Remote attackers may be able to circumvent a time delay for failed login attempts and conduct brute-force attacks
    Description: An issue existed when processing keyboard-interactive devices. This issue was addressed through improved authentication request validation.
    CVE-ID
    CVE-2015-5600
    OpenSSL
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg, the most serious of which may allow a remote attacker to cause a denial of service.
    Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg.
    CVE-ID
    CVE-2015-1788
    CVE-2015-1789
    CVE-2015-1790
    CVE-2015-1791
    CVE-2015-1792
    perl
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Parsing a maliciously crafted regular expression may lead to disclosure of unexpected application termination or arbitrary code execution
    Description: An integer underflow issue existed in the way Perl parsed regular expressions. This issue was addressed through improved memory handling.
    CVE-ID
    CVE-2013-7422
    PostgreSQL
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: An attacker may be able to cause unexpected application termination or gain access to data without proper authentication
    Description: Multiple issues existed in PostgreSQL 9.2.4. These issues were addressed by updating PostgreSQL to 9.2.13.
    CVE-ID
    CVE-2014-0067
    CVE-2014-8161
    CVE-2015-0241
    CVE-2015-0242
    CVE-2015-0243
    CVE-2015-0244
    python
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Multiple vulnerabilities existed in Python 2.7.6, the most serious of which may lead to arbitrary code execution
    Description: Multiple vulnerabilities existed in Python versions prior to 2.7.6. These were addressed by updating Python to version 2.7.10.
    CVE-ID
    CVE-2013-7040
    CVE-2013-7338
    CVE-2014-1912
    CVE-2014-7185
    CVE-2014-9365
    QL Office
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Parsing a maliciously crafted Office document may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue existed in parsing of Office documents. This issue was addressed through improved memory handling.
    CVE-ID
    CVE-2015-5773 : Apple
    QL Office
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information
    Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing.
    CVE-ID
    CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.
    Quartz Composer Framework
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue existed in parsing of QuickTime files. This issue was addressed through improved memory handling.
    CVE-ID
    CVE-2015-5771 : Apple
    Quick Look
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Searching for a previously viewed website may launch the web browser and render that website
    Description: An issue existed where QuickLook had the capability to execute JavaScript. The issue was addressed by disallowing execution of JavaScript.
    CVE-ID
    CVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole
    QuickTime 7
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
    Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.
    CVE-ID
    CVE-2015-3772
    CVE-2015-3779
    CVE-2015-5753 : Apple
    CVE-2015-5779 : Apple
    QuickTime 7
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution
    Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.
    CVE-ID
    CVE-2015-3765 : Joe Burnett of Audio Poison
    CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos
    CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos
    CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos
    CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos
    CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos
    CVE-2015-5751 : WalkerFuz
    SceneKit
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution
    Description: A heap buffer overflow existed in SceneKit’s handling of Collada files. This issue was addressed through improved input validation.
    CVE-ID
    CVE-2015-5772 : Apple
    SceneKit
    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4
    Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
    Description: A memory corruption issue existed in SceneKit. This issue was addressed through improved memory handling.
    CVE-ID
    CVE-2015-3783 : Haris Andrianakis of Google Security Team
    Security
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A standard user may be able to gain access to admin privileges without proper authentication
    Description: An issue existed in handling of user authentication. This issue was addressed through improved authentication checks.
    CVE-ID
    CVE-2015-3775 : [Eldon Ahrold]
    SMBClient
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
    Description: A memory corruption issue existed in the SMB client. This issue was addressed through improved memory handling.
    CVE-ID
    CVE-2015-3773 : Ilja van Sprundel
    Speech UI
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Parsing a maliciously crafted unicode string with speech alerts enabled may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue existed in handling of Unicode strings. This issue was addressed by improved memory handling.
    CVE-ID
    CVE-2015-3794 : Adam Greenbaum of Refinitive
    sudo
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9, the most serious of which may allow an attacker access to arbitrary files
    Description: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9. These were addressed by updating sudo to version 1.7.10p9.
    CVE-ID
    CVE-2013-1775
    CVE-2013-1776
    CVE-2013-2776
    CVE-2013-2777
    CVE-2014-0106
    CVE-2014-9680
    tcpdump
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most serious of which may allow a remote attacker to cause a denial of service.
    Description: Multiple vulnerabilities existed in tcpdump versions prior to 4.7.3. These were addressed by updating tcpdump to version 4.7.3.
    CVE-ID
    CVE-2014-8767
    CVE-2014-8769
    CVE-2014-9140
    Text Formats
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Parsing a maliciously crafted text file may lead to disclosure of user information
    Description: An XML external entity reference issue existed with TextEdit parsing. This issue was addressed through improved parsing.
    CVE-ID
    CVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team
    udf
    Available for: OS X Yosemite v10.10 to v10.10.4
    Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges
    Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling.
    CVE-ID
    CVE-2015-3767 : beist of grayhash
    OS X Yosemite v10.10.5 includes the security content of Safari 8.0.8.
    Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.
    Last Modified: Aug 12, 2015

  8. tux101 says:

    Thanks! Was a great and thorough explanation of what’s new! Everyone should read it.

  9. John says:

    This update is terrible. Especially the iTunes update, turned my speedy computer into a pos.

  10. Mark says:

    When are Apple going to start doing the simple useful stuff like on the desktop iTunes when I’m in show album mode and start to scroll down I want an OS X style alphabet to pop up, then I can jump to the T’s without having to scroll page after page after page to get down there. Hell no, Apple are more interested in making farting noises on a Siri command.

  11. Dan says:

    To all of those who are complaining that the update slows the Mac down, don’t forget about the indexing! The OS will run a load of cleanup and indexing once it has rebooted. You won’t get back to normal speed for a couple of hours. I always run the updates last thing and leave it to stand overnight. Works as expected come the morning.

  12. Joe says:

    WOW! Apple finally got around to optimizing their OS. There hasn’t been an optimized version of OS X since 10.6.8. Memory usage dropped by about 40% here (11″ MacBook Air 2010) and no more spinning wheel of frustration. I’m surprised!

  13. John says:

    I have been reading about the issue with Wi-Fi speeds crashing. I have a Mac Pro 2012. Typically I can get 200 mbps (wireless) on my Time Warner service. So what is happening is somehow throughout the day something is changing the plists in /Library/Preferences/SystemConfiguration/
    file. preferences; This one specifically. I delete it and all is fine. A few hours later, it changes and I am back from 200 mbps to 70 mbps. This has to be what everybody is talking about regarding slow wifi with Yosemite. I am now at 10.10.5

    Whoever answers this could be a GOD to the forums talking about drastically reduced wifi speeds with upgrades!

    These are the other files but they don’t seem to be part of the problem I think!
    com.apple.airport.preferences.plist-new,
    com.apple.airport.preferences;
    com.apple.wifi.message-tracer.

    • trya says:

      Try disabling Bluetooth, for some users that makes their wi-fi speeds accelerate in OS X. Also be sure there are no conflicting networks on the same wi-fi channel.

      Troubleshooting network issues in OS X Yosemite (and El Capitan) has been a mess for many Mac users, Apple hasn’t entirely figured it out either, thus the constant updates to attempt to address it. You can bet 10.11.1 will include ‘wifi fixes’, heh.

  14. Andrew says:

    Has anyone else noticed a problem with the backlit keyboard on their Macbook after updating?

    Mine remains dark after starting to type now. It’ll come on if I hit one of the brightness control keys, but not any of the normal keys.

    It’s annoying since, as an audio engineer, I often use my Macbook in very dark environments.

  15. Brahim says:

    Where can I download OS X Mountain Lion free?

  16. eleeziaa says:

    My sound won’t work now!!! My external speakers just won’t show up in the devices listed now. I have no idea how to fix it.

  17. AndyLynn says:

    MacBook Pro (13inch, mid-2010)
    10.10.1 had *no* wifi, but 10.10.5 has wifi on 1 out of 3 boots, so i guess that’s an improvement? fab?

    but a new “symptom” – Grey-Screen-Of-Death if left up overnight. (yes – i installed via COMBO used-to-be-goodness.)

    once ran Macs as user-facing machines & linux as servers.
    but think i need to change that mix now to all linux.

    bye bye Apple (dev since the MacPlus – no more, too sucky.)

  18. Wally Ingebritson says:

    A few days ago I upgraded to Yosemite on the external drive (1T) I was running my new Macbook Pro 13 (2012 version) from (internal drive corrupted a few days before, mysteriously), and it all worked until I then updated to 10.10.5. Within a minute or so (it seemed like) the system shut off and now my external drive verifies/repairs in recovery mode as OK in Disk Utility but greyed out and won’t mount. I erased my internal drive and reinstalled Yosemite but want to transfer files and info from my unmountable external drive. Any way to do this? Or am I looking at purchasing a data recovery program?

  19. Philippe says:

    I have met trouble with the update from OS X 10.10.3.
    After downloading, installing and rebooting, the Apple progress bar goes up to half, then I get a white screen. Not in a hurry, I let it run about a night, but in the morning it was still on the white screen. I reinstalled from my Time Capsule the last backup dating just before the update and I recovered. Doing a second attempt I got the same issue again but waited about a full day. I am reinstalling again from my last backup. Meanwhile I read somewhere that someone got the update successful after more than 48 hours… Has anyone had the same issue, and how did you solve it?

  20. Ron says:

    I just updated my 2008 MacBook Unibody from 10.10.4 to 10.10.5 via the App Store yesterday. Black screen on restart; no backlight or images; attempted PRAM and SMC reset. External monitor works.

  21. steve smithson says:

    Just a regular Mac user who suffered from my MacBook Air hanging on boot. Tried all the suggestions like PRAM and everything else to no avail. Booted in safe mode and updated to El Capitan from the App Store and that appears to have fixed the issue.
