Security Update 2015-005 for OS X Mavericks & Mountain Lion Available
Mac users on OS X Mavericks 10.9.5 and OS X Mountain Lion 10.8.5 will find two important software updates available to them, labeled as Security Update 2015-005 and Mac EFI Security Update 2015-001. The updates include patches and fixes to significant potential security issues and are therefore recommended for all Mac users running Mavericks and Mountain Lion to install. For Macs running Yosemite, the OS X Yosemite 10.10.4 update includes the same set of security fixes, and a separate update is not required.
Mac users running OS X 10.9 and OS X 10.8 will be able to find the EFI update and Security Update available now in the Software Update mechanism of OS X, accessible from the Apple menu > Software Update. The Mac will need to reboot to complete the installation. As always, back up a Mac before performing any system software update.
The individual security updates can also be downloaded directly from Apple at the links below:
The release notes for Security Update 2015-005 are rather long but can be read here on Apple.com.
Meanwhile, release notes for the EFI update are fairly brief, as follows:
Mac EFI Security Update 2015-001
• EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application with root privileges may be able to modify EFI flash memory Description: An insufficient locking issue existed with EFI flash when resuming from sleep states. This issue was addressed through improved locking. CVE-ID CVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaça
• EFI Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 Impact: A malicious application may induce memory corruption to escalate privileges Description: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates. CVE-ID CVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014)
i have a second hand mac with a firmware lock, EFI password, and apple will not assist because i don’t have a receipt. Call it a long shot but i’m actually trying to take advantage of this flaw since the computer had not been updated yet. it’s been down for about a week, no boot drive found (thanks boot camp), and i can’t get it to boot in any mode, safe, single, target, nothing. if anyone can assist with removing that lock via this vulnerability or another i would appreciate it. all i need to do is reboot holding option and select the mac HD and i can’t even do that.
skarychinezeguie@gmail.com
I just updated the EFI security update 2015-001 and my internet has become so incredibly slow. Not sure what to do.
“I just updated the EFI security update 2015-001 and my internet has become so incredibly slow. Not sure what to do.”
Reset NVRAM and might as well do SMC. That will probably fix it. Otherwise it’s unrelated to the update like maybe your DNS server changed etc.
In my case, the update loaded downloaded, though slow a molasses. When I clicked install, I got a message that the stautus on the Appstore had changed. When I clicked install, the download started all over. When done the same problem.
The download via Terminal worked OK.
I just updated in mid 2007 iMac running Mavericks (I know, still going strong) and now the back page gesture in Safari hangs at the beginning of the animation and Safari has to be shut down and restarted. Restarted my system a few times to no avail. Any ideas?
Could try deleted your Safari prefs or resetting Safari. Make sure you have all the Apple Software updates installed. Repair permissions with Disk Utility. Get the combo updater for latest Mavericks which is what 10.9.5 I believe and run it.
I have machines running 10.8.5 and they won’t try to install the EFI update. They are older Macs, June 2009 and Mid 2011 iMacs. If I try and run the EFI update it says its not needed.
I still have to test the 2009 models to see if they are still vulnerable after sleep. I know the 2011 models are.
Well don’t try to update the EFI on a Mac where it’s not supported, obviously. Not all Macs need the update, only some are requiring it.
Only install software that is compatible with your Mac.
The 2009 iMacs we have must not be vulnerable. The 2011’s are and the update is showing on them now for some reason. All seems good now.