Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


   Security Update 2015-001 (Mountain Lion, Mavericks, and Yosemite)

   Agen G. N. Schmitz

   Apple has released [1]Security Update 2015-002 for OS X 10.8 Mountain
   Lion, 10.9 Mavericks, and 10.10 Yosemite. Most noteworthy is the fix
   for the FREAK vulnerability (short for Factoring attack on RSA-EXPORT
   Keys), which could enable an attacker to intercept SSL/TLS-encrypted
   traffic to then access or alter communications between client and
   server. Security Update 2015-002 also addresses a vulnerability in
   IOAcceleratorFamily and IOSurface's handling of serialized objects for
   all three operating systems. For Yosemite, the Security Update patches
   leaking kernel addresses and heap permutation values from the
   mach_port_kobject kernel interface and improves bounds checking for
   iCloud Keychain to contain multiple buffer overflows. Security Update
   2015-002 is available via Software Update or via direct download from
   Apple's Support Downloads Web site. Note that there are two updates
   available for 10.10 Yosemite ' one for Early 2015 Macs (i.e., those
   announced yesterday; see '[2]New 12-inch MacBook Joins Updated MacBook
   Air and MacBook Pro,' 9 March 2015) and one for older Macs. (Free. For
   [3]10.8 Mountain Lion, 177.3 MB; for [4]10.9 Mavericks, 62.3 MB; for
   [5]10.10.2 Yosemite, 5.4 MB; and for [6]Yosemite on Early 2015 Macs, 5
   MB)

References

   1. https://support.apple.com/en-us/HT204413
   2. http://tidbits.com/article/15473
   3. https://support.apple.com/kb/DL1798
   4. https://support.apple.com/kb/DL1797
   5. https://support.apple.com/kb/DL1796
   6. https://support.apple.com/kb/DL1795

.