Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


   Security Update 2016-002 (Mavericks and Yosemite)

   Agen G. N. Schmitz

   Apple has issued [1]Security Update 2016-002 for OS X 10.9 Mavericks
   and 10.10 Yosemite with a few security fixes that cross over from the
   concurrently released 10.11.4 El Capitan (see '[2]OS X 10.11.4 Improves
   Notes, iBooks, and Live Photo Support,' 21 March 2016). The update
   patches an Apache-related vulnerability associated with processing a
   maliciously crafted .png file that could lead to arbitrary code
   execution, multiple memory corruption issues related to XML, and an
   issue with OpenSSH that could expose an information leak and a buffer
   overflow. (Free. For [3]10.9.5 Mavericks, 370.8 MB; for [4]10.10.5
   Yosemite, 462.1 MB)

References

   1. https://support.apple.com/en-us/HT206167
   2. http://tidbits.com/article/16341
   3. https://support.apple.com/kb/DL1872
   4. https://support.apple.com/kb/DL1871

.