Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


   Security Update 2015-005

   Agen G. N. Schmitz

   Apple has issued [1]Security Update 2015-005 for OS X 10.8 Mountain
   Lion and 10.9 Mavericks, mirroring many of the security fixes that are
   included with the concurrently released 10.10.4 Yosemite (see "[2]Apple
   Improves Networking in OS X 10.10.4," 30 June 2015). The lengthy list
   of patched vulnerabilities include multiple memory corruption issues in
   QuickTime, an integer overflow in the Security framework code for
   parsing S/MIME e-mail, the handling of filenames of photos added to the
   local photo library, a memory corruption issue in the Bluetooth HCI
   interface, and intermediate certificates incorrectly issued by the
   certificate authority CNNIC (China Internet Network Information Center,
   which manages the .cn domain; see Glenn Fleishman's [3]Macworld article
   on today's security updates for more about the CNNIC vulnerability).
   Security Update 2015-005 is available via Software Update or via direct
   download from Apple's Support Downloads Web site. (Free. For [4]10.8.5
   Mountain Lion, 207 MB; for [5]10.9.5 Mavericks, 160 MB)

References

   1. https://support.apple.com/en-us/HT204942
   2. http://tidbits.com/article/15763
   3. http://www.macworld.com/article/2942720/apple-releases-tons-of-security-updates-for-recent-flaws-and-exploits.html
   4. https://support.apple.com/kb/DL1826
   5. https://support.apple.com/kb/DL1825

.