Reprinted from TidBITS by permission; reuse governed by Creative Commons license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary on Apple and Internet topics. For free email subscriptions and access to the entire TidBITS archive, visit http://www.tidbits.com/ OS X 10.10.5 Yosemite and iOS 8.4.1 Address Numerous Security Holes Adam C. Engst Apple has released minor updates to both OS X 10.10 Yosemite and iOS 8, calling out just a few general changes in the main release notes, but noting nearly 70 security fixes for OS X and over 40 for iOS. It would seem likely that Apple's release was timed to follow the Black Hat and DEFCON security conferences, where privately reported security vulnerabilities might be made public. Given the number of security fixes, I'd encourage you to install these updates soon, since they're more important than the release notes might imply. OS X -- For Mac users, [1]OS X 10.10.5, which is available via Software Update or via [2]delta (from 10.10.4, 1.02 GB) or [3]combo (from any version of 10.10, 2.12 GB) updaters, has only three items in its release notes: * Improves compatibility with certain email servers when using Mail * Fixes an issue in Photos that prevented importing videos from GoPro cameras * Fixes an issue in QuickTime Player that prevented playback of Windows Media files On the security side, however, [4]Apple lists 69 entries that span the gamut from OS X's Unix apps and utilities to the kernel itself. For the most part, the specifics aren't interesting, but a few are worth calling out. The [5]DYLD_PRINT_TO_FILE vulnerability discovered by [6]Stefan Esser and the CEO of information security firm Grayhash, who goes by [7]@beist on Twitter, has been blocked. That's important because it made it possible for apps to gain root permissions without requiring a password; even more concerning was that it had started to appear in the wild. In addition, previous versions of the Unix sudo utility included in OS X could allow an attacker access to arbitrary files ' that's a bad thing. If you have trouble installing via the App Store app, try the combo updater ' I've seen some reports of installations failing to complete properly and restarting. iOS 8.4.1 -- For those using an iPhone or iPad, [8]iOS 8.4.1 focuses its attention on six fixes related to Apple Music: * Resolves issues that could prevent turning on iCloud Music Library * Resolves an issue that hides added music because Apple Music was set to show offline music only * Provides a way to add songs to a new playlist if there aren't any playlists to choose from * Resolves an issue that may show different artwork for an album on other devices * Resolves several issues for artists while posting to Connect * Fixes an issue where tapping Love doesn't work as expected while listening to Beats 1 But don't get the impression you can pass on installing iOS 8.4.1 if you don't use Apple Music. As with OS X 10.10.5, there are [9]oodles of security fixes ' 43 all told. None of these are particularly notable. As always, you can install iOS 8.4.1 from Settings > General > Software Update on your device, or by connecting it to iTunes. References 1. https://support.apple.com/en-us/HT205004 2. https://support.apple.com/kb/DL1833 3. https://support.apple.com/kb/DL1832 4. https://support.apple.com/en-us/HT205031 5. https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-in-the-wild/ 6. https://twitter.com/i0n1c 7. https://twitter.com/beist 8. https://support.apple.com/kb/DL1818 9. https://support.apple.com/en-us/HT205030 .