Internet Security For Mac Yosemite

Shop Webroot Antivirus Protection and Internet Security – Software (6 Devices) (2-Year Subscription) Mac, Windows at Best Buy. Find low everyday prices and buy online for delivery or in-store pick-up. You can buy Intego Mac Internet Security X9 for £ 34.99/$34.99 for one Mac for a year thanks to the current discount which knocks £15 off the usual price. Read our Intego Mac Internet Security. Internet Explorer for Mac OS X (also referred to as Internet Explorer for Macintosh, Internet Explorer Macintosh Edition, Internet Explorer:mac or IE:mac) is a discontinued proprietary web browser developed by Microsoft for the Macintosh platform to browse web pages. Initial versions were developed from the same code base as Internet Explorer for Windows. If you’ve just switched to Mac from Windows, you might be surprised to find that Internet Explorer for Mac doesn’t exist. The problem for Mac users is that some websites such as corporate intranets, HR and banking sites still require Internet Explorer to access them. Microsoft has since replaced IE on Windows with Microsoft Edge and the good news is that Microsoft Edge for Mac is now. Yosemite boasts lots of new features that make your Mac more useful than ever—especially in combination with your iPhone or iPad. Apple has put a lot of thought into its security and privacy. Intego Mac Internet Security X9 scores well in lab tests using Mac malware, and it offers firewall protection. But it fails against Windows malware and lacks protection against dangerous URLs.

Do you need a Mac OS X Yosemite Download for your older or unsupported mac? Well, you have come to the right place. I will be uploading different versions over the coming weeks on Just Apple Stuff. I had a lot of trouble when I was looking for my older 2006 Macbook.

Watch the Mac OS X Yosemite launch video here:

Download Mac OS X Yosemite from our server

Where to download Yosemite without an Apple ID? We uploaded Mac OS X 10.10 to our server for high downloading speed.

Mac OS X Yosemite Download:

File Type: .DMG

Operating Systems Supported: Windows & Mac OS & Android & iOS; System Requirements: Microsoft Windows 7, 8, 8.1, or 10 with 2 GB of disk space and internet connection for auto updates macOS 10.10 (Yosemite) or newer with 500 MB disk space and internet connection for auto updates Android 5 (Lollipop) or newer iPhone/iPad iOS 10 or newer.

File Size: 5.33GB

Yosemite Direct Download: Direct Download

Yosemite Torrent Download:

Note: Let Us Know In comments if any link is not working, We will update ASAP.

Mac OS X Yosemite 10.10 is another product in Apple’s line of Mac OS X. Apple, in its line of amazing Mac OX titles, launched the Mac OS Yosemite 10.10 which took the world by storm. It new improved features allow even greater synchronization between iPhones and Macs when using the Internet.

It includes a Wi-Fi and Bluetooth 4.0 integration and introduction of FaceTime on computers. The users can make telephone calls directly from Mac through a local network connection.

How to Download Apple Mac OSX 10.10 Yosemite?

You can get the Mac OS X Yosemite Download directly from our site. Apple Mac OSX 10.10 Yosemite, the user doesn’t need to have the previous version. Secondly, a lot of the Mac applications will require updates as well. Mac OS X obviously is the supporting operating system.

There are different ways to download Mac OSX 10.10 Yosemite on different computer brands. We’ve compiled the steps for a Mac as well for Windows.

Downloading Apple Mac OSX 10.10 Yosemite from Apple Store

The users can still find Mac OS X Yosemite Download here and its available for free download.
After the completion of the download, the OZX Yosemite Installer will appear on “/Applications”. If the user wants to get nstallESD.DMG’, then they can follow the below steps.

1. Go to “Application”.
2. Click on “OS X Yosemite”.
3. Click on the “Show Package Contents” option.

Download Apple Mac OSX 10.10 Yosemite on a Windows PC

The user will need to download the following Mac OS X Yosemite Download, UniBeast, and Multibeast. Also, id required then DSDT. The need for an account on tonymacx86 is needed before downloading the above files, excluding Yosemite. For those who don’t, they can make theirs by registering themselves here: http://www.tonymacx86.com/register.php. Remember, the files need to be unzipped as well.

Create A Bootable Yosemite USB

Step 1: The user will need to download OSX Yosemite from the link is given above in the article.

Step 2: The user will need to make a USB Drive that is bootable. To get that, the following needs to be done.

a)Insert a high memory USB Drive. Go to Open>Applications>Utilities>Disk Utility. Choose your USB option here.

b)Click on “Current” and select “1Partition”, on the Partition Tab on your computer.

c)Click on Options>Master Boot Record.

d)Fill in the following information under each field.
i. Name: USB
ii. Format: Mac OS Extended (Journaled)

e)Click on Apply>Partition.
f)From your desktop, open “UniBeast”. Keep clicking on “Continue” three times and then click on “Agree”.

Internet Security For Mac Yosemite National Park

g)Select USB>Continue, at Destination Select.

h)On the “Select OS Installation” option, choose “Yosemite”. Click on “Continue”.

i)Choose “Laptop Support” if using a laptop or “Legacy USB Support” if using a 5 or 6 Series System. Click on “Continue”.

j)Click on “Install” after entering the password.
A bootable USB drive will be created by UniBeast. After completion, add your MultiBeast folder in the USB drive.

Step 3: The user will then need to boot in the USB Drive after the above steps.
a)After turning on the computer, the user will need to choose the boot device (F8 or F12 key).
b)Click on “USB-HDD”. At the Chimera Boot Screen, click on USB>Enter.

Step 4: Here, the user will need to install Mac OSX 10.10 Yosemite. After getting to the Installer, follow the steps below.

a)On the top menu bar, select Utilities>Disk Utility. Then choose your target hard drive for the installation.

b)Click on Partition>Current>1 Partition>Options>GUID Partition Method.
c)Fill in the following information in the respective fields.
i. Name: Yosemite
ii. Format: Mac OS Extended (Journaled)

d)Click on “Apply”.

e)Click on “Partition”. Close “Disk Utility”.

f)You’ll be asked the location to install. Choose “OSX”. (or, your previous install if you’re upgrading)

g)At the Chimera Boot Screen, choose your new “OSX” installation. Follow by complete the entire process.

Step 5: Lastly, the user will need to finalize the installation with MultiBeast as per the needed options.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other security updates, see Apple security updates.

OS X Yosemite v10.10.5 and Security Update 2015-006

  • apache

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most serious of which may allow a remote attacker to cause a denial of service.

    Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These were addressed by updating Apache to version 2.4.16.

    CVE-ID

    CVE-2014-3581

    CVE-2014-3583

    CVE-2014-8109

    CVE-2015-0228

    CVE-2015-0253

    CVE-2015-3183

    CVE-2015-3185

  • apache_mod_php

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Multiple vulnerabilities existed in PHP 5.5.20, the most serious of which may lead to arbitrary code execution.

    Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.20. These were addressed by updating Apache to version 5.5.27.

    CVE-ID

    CVE-2015-2783

    CVE-2015-2787

    CVE-2015-3307

    CVE-2015-3329

    CVE-2015-3330

    CVE-2015-4021

    CVE-2015-4022

    CVE-2015-4024

    CVE-2015-4025

    CVE-2015-4026

    CVE-2015-4147

    CVE-2015-4148

  • Apple ID OD Plug-in

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able change the password of a local user

    Description: In some circumstances, a state management issue existed in password authentication. The issue was addressed through improved state management.

    CVE-ID

    CVE-2015-3799 : an anonymous researcher working with HP's Zero Day Initiative

  • AppleGraphicsControl

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able to determine kernel memory layout

    Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2015-5768 : JieTao Yang of KeenTeam

  • Bluetooth

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A local user may be able to execute arbitrary code with system privileges

    Description: A memory corruption issue existed in IOBluetoothHCIController. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-3779 : Teddy Reed of Facebook Security

  • Bluetooth

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able to determine kernel memory layout

    Description: A memory management issue could have led to the disclosure of kernel memory layout. This issue was addressed with improved memory management.

    CVE-ID

    CVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze Networks

  • Bluetooth

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious app may be able to access notifications from other iCloud devices

    Description: An issue existed where a malicious app could access a Bluetooth-paired Mac or iOS device's Notification Center notifications via the Apple Notification Center Service. The issue affected devices using Handoff and logged into the same iCloud account. This issue was resolved by revoking access to the Apple Notification Center Service.

    CVE-ID

    CVE-2015-3786 : Xiaolong Bai (Tsinghua University), Luyi Xing (System Security Lab of Indiana University), Tongxin Li (Peking University), XiaoFeng Wang (Indiana University)

  • Bluetooth

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: An attacker with privileged network position may be able to perform denial of service attack using malformed Bluetooth packets

    Description: An input validation issue existed in parsing of Bluetooth ACL packets. This issue was addressed through improved input validation.

    CVE-ID

    CVE-2015-3787 : moony li of Trend Micro

  • Bluetooth

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

    Description: Multiple buffer overflow issues existed in blued's handling of XPC messages. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2015-3777 : mitp0sh of [PDX]

  • bootp

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: An attacker may be able to determine Wi-Fi networks a device has previously accessed

    Description: Upon connecting to a Wi-Fi network, MAC addresses of previously accessed networks may have been broadcast. This issue was addressed by broadcasting only MAC addresses associated with the current SSID.

    CVE-ID

    CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project)

  • CloudKit

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able to access the iCloud user record of a previously signed in user

    Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling.

    CVE-ID

    CVE-2015-3782 : Deepkanwal Plaha of University of Toronto

  • CoreMedia Playback

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

    Description: Memory corruption issues existed in CoreMedia Playback. These were addressed through improved memory handling.

    CVE-ID

    CVE-2015-5777 : Apple

    CVE-2015-5778 : Apple

  • CoreText

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.

    CVE-ID

    CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team

  • CoreText

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.

    CVE-ID

    CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team

  • curl

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Multiple vulnerabilities in cURL and libcurl prior to 7.38.0, one of which may allow remote attackers to bypass the Same Origin Policy.

    Description: Multiple vulnerabilities existed in cURL and libcurl prior to 7.38.0. These issues were addressed by updating cURL to version 7.43.0.

    CVE-ID

    CVE-2014-3613

    CVE-2014-3620

    CVE-2014-3707

    CVE-2014-8150

    CVE-2014-8151

    CVE-2015-3143

    CVE-2015-3144

    CVE-2015-3145

    CVE-2015-3148

    CVE-2015-3153

  • Data Detectors Engine

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Processing a sequence of unicode characters can lead to an unexpected application termination or arbitrary code execution

    Description: Memory corruption issues existed in processing of Unicode characters. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)

  • Date & Time pref pane

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Applications that rely on system time may have unexpected behavior

    Description: An authorization issue existed when modifying the system date and time preferences. This issue was addressed with additional authorization checks.

    CVE-ID

    CVE-2015-3757 : Mark S C Smith

  • Dictionary Application

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: An attacker with a privileged network position may be able to intercept users' Dictionary app queries

    Description: An issue existed in the Dictionary app, which did not properly secure user communications. This issue was addressed by moving Dictionary queries to HTTPS.

    CVE-ID

    CVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team

  • DiskImages

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges

    Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team

  • dyld

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A local user may be able to execute arbitrary code with system privileges

    Description: A path validation issue existed in dyld. This was addressed through improved environment sanitization.

    CVE-ID

    CVE-2015-3760 : beist of grayhash, Stefan Esser

  • FontParser

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.

    CVE-ID

    CVE-2015-3804 : Apple

    CVE-2015-5775 : Apple

  • FontParser

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.

    CVE-ID

    CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team

  • groff

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Multiple issues in pdfroff

    Description: Multiple issues existed in pdfroff, the most serious of which may allow arbitrary filesystem modification. These issues were addressed by removing pdfroff.

    CVE-ID

    CVE-2009-5044

    CVE-2009-5078

  • ImageIO

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in the processing of TIFF images. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2015-5758 : Apple

  • ImageIO

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Visiting a maliciously crafted website may result in the disclosure of process memory

    Description: An uninitialized memory access issue existed in ImageIO's handling of PNG and TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of PNG and TIFF images.

    CVE-ID

    CVE-2015-5781 : Michal Zalewski

    CVE-2015-5782 : Michal Zalewski

  • Install Framework Legacy

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able to execute arbitrary code with root privileges

    Description: An issue existed in how Install.framework's 'runner' binary dropped privileges. This issue was addressed through improved privilege management.

    CVE-ID

    CVE-2015-5784 : Ian Beer of Google Project Zero

  • Install Framework Legacy

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A race condition existed in Install.framework's 'runner' binary that resulted in privileges being incorrectly dropped. This issue was addressed through improved object locking.

    CVE-ID

    CVE-2015-5754 : Ian Beer of Google Project Zero

Internet Security For Mac Reviews

  • IOFireWireFamily

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A local user may be able to execute arbitrary code with system privileges

    Description: Memory corruption issues existed in IOFireWireFamily. These issues were addressed through additional type input validation.

    CVE-ID

    CVE-2015-3769 : Ilja van Sprundel

    CVE-2015-3771 : Ilja van Sprundel

    CVE-2015-3772 : Ilja van Sprundel

  • IOGraphics

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A memory corruption issue existed in IOGraphics. This issue was addressed through additional type input validation.

    CVE-ID

    CVE-2015-3770 : Ilja van Sprundel

    CVE-2015-5783 : Ilja van Sprundel

  • IOHIDFamily

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A local user may be able to execute arbitrary code with system privileges

    Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-5774 : TaiG Jailbreak Team

  • Kernel

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able to determine kernel memory layout

    Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface.

    CVE-ID

    CVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team, @PanguTeam

  • Kernel

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: An integer overflow existed in the handling of IOKit functions. This issue was addressed through improved validation of IOKit API arguments.

    CVE-ID

    CVE-2015-3768 : Ilja van Sprundel

  • Kernel

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A local user may be able to cause a system denial of service

    Description: A resource exhaustion issue existed in the fasttrap driver. This was addressed through improved memory handling.

    CVE-ID

    CVE-2015-5747 : The Brainy Code Scanner (m00nbsd)

  • Kernel

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A local user may be able to cause a system denial of service

    Description: A validation issue existed in the mounting of HFS volumes. This was addressed by adding additional checks.

    CVE-ID

    CVE-2015-5748 : Maxime Villard of m00nbsd

  • Kernel

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able to execute unsigned code

    Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation.

    CVE-ID

    CVE-2015-3806 : TaiG Jailbreak Team

  • Kernel

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A specially crafted executable file could allow unsigned, malicious code to execute

    Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files.

    CVE-ID

    CVE-2015-3803 : TaiG Jailbreak Team

MacKaspersky internet security for mac yosemite
  • Kernel

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A local user may be able to execute unsigned code

    Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks.

    CVE-ID

    CVE-2015-3802 : TaiG Jailbreak Team

    CVE-2015-3805 : TaiG Jailbreak Team

  • Kernel

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges

    Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany

  • Kernel

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A local user may be able to execute arbitrary code with system privileges

    Description: A path validation issue existed. This was addressed through improved environment sanitization.

    CVE-ID

    CVE-2015-3761 : beist of grayish

  • Libc

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Processing a maliciously crafted regular expression may lead to an unexpected application termination or arbitrary code execution

    Description: Memory corruption issues existed in the TRE library. These were addressed through improved memory handling.

    CVE-ID

    CVE-2015-3796 : Ian Beer of Google Project Zero

    CVE-2015-3797 : Ian Beer of Google Project Zero

    CVE-2015-3798 : Ian Beer of Google Project Zero

  • Libinfo

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

    Description: Memory corruption issues existed in handling AF_INET6 sockets. These were addressed by improved memory handling.

    CVE-ID

    CVE-2015-5776 : Apple

  • libpthread

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A memory corruption issue existed in handling syscalls. This issue was addressed through improved lock state checking.

    CVE-ID

    CVE-2015-5757 : Lufeng Li of Qihoo 360

  • libxml2

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service

    Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2.

    CVE-ID

    CVE-2014-0191 : Felix Groebert of Google

  • libxml2

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information

    Description: A memory access issue existed in libxml2. This was addressed by improved memory handling

    CVE-ID

    CVE-2014-3660 : Felix Groebert of Google

  • libxml2

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information

    Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-3807 : Apple

  • libxpc

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking.

    CVE-ID

    CVE-2015-3795 : Mathew Rowley

  • mail_cmds

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A local user may be able to execute arbitrary shell commands

    Description: A validation issue existed in the mailx parsing of email addresses. This was addressed by improved sanitization.

    CVE-ID

    CVE-2014-7844

  • Notification Center OSX

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A malicious application may be able to access all notifications previously displayed to users

    Description: An issue existed in Notification Center, which did not properly delete user notifications. This issue was addressed by correctly deleting notifications dismissed by users.

    CVE-ID

    CVE-2015-3764 : Jonathan Zdziarski

  • ntfs

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A local user may be able to execute arbitrary code with system privileges

    Description: A memory corruption issue existed in NTFS. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze Networks

  • OpenSSH

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Remote attackers may be able to circumvent a time delay for failed login attempts and conduct brute-force attacks

    Description: An issue existed when processing keyboard-interactive devices. This issue was addressed through improved authentication request validation.

    CVE-ID

    CVE-2015-5600

  • OpenSSL

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg, the most serious of which may allow a remote attacker to cause a denial of service.

    Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg.

    CVE-ID

    CVE-2015-1788

    CVE-2015-1789

    CVE-2015-1790

    CVE-2015-1791

    CVE-2015-1792

For
  • perl

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Parsing a maliciously crafted regular expression may lead to disclosure of unexpected application termination or arbitrary code execution

    Description: An integer underflow issue existed in the way Perl parsed regular expressions. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2013-7422

  • PostgreSQL

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: An attacker may be able to cause unexpected application termination or gain access to data without proper authentication

    Description: Multiple issues existed in PostgreSQL 9.2.4. These issues were addressed by updating PostgreSQL to 9.2.13.

    CVE-ID

    CVE-2014-0067

    CVE-2014-8161

    CVE-2015-0241

    CVE-2015-0242

    CVE-2015-0243

    CVE-2015-0244

  • python

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Multiple vulnerabilities existed in Python 2.7.6, the most serious of which may lead to arbitrary code execution

    Description: Multiple vulnerabilities existed in Python versions prior to 2.7.6. These were addressed by updating Python to version 2.7.10.

    CVE-ID

    CVE-2013-7040

    CVE-2013-7338

    CVE-2014-1912

    CVE-2014-7185

    CVE-2014-9365

  • QL Office

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Parsing a maliciously crafted Office document may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in parsing of Office documents. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-5773 : Apple

  • QL Office

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information

    Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing.

    CVE-ID

    CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.

  • Quartz Composer Framework

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in parsing of QuickTime files. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-5771 : Apple

  • Quick Look

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Searching for a previously viewed website may launch the web browser and render that website

    Description: An issue existed where QuickLook had the capability to execute JavaScript. The issue was addressed by disallowing execution of JavaScript.

    CVE-ID

    CVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole

  • QuickTime 7

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2015-3779

    CVE-2015-5753 : Apple

    CVE-2015-5779 : Apple

  • QuickTime 7

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2015-3765 : Joe Burnett of Audio Poison

    CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos

    CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos

    CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos

    CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos

    CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos

    CVE-2015-5751 : WalkerFuz

  • SceneKit

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution

    Description: A heap buffer overflow existed in SceneKit's handling of Collada files. This issue was addressed through improved input validation.

    CVE-ID

    CVE-2015-5772 : Apple

  • SceneKit

    Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4

    Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in SceneKit. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-3783 : Haris Andrianakis of Google Security Team

  • Security

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A standard user may be able to gain access to admin privileges without proper authentication

    Description: An issue existed in handling of user authentication. This issue was addressed through improved authentication checks.

    CVE-ID

    CVE-2015-3775 : [Eldon Ahrold]

  • SMBClient

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in the SMB client. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-3773 : Ilja van Sprundel

  • Speech UI

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Parsing a maliciously crafted unicode string with speech alerts enabled may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in handling of Unicode strings. This issue was addressed by improved memory handling.

    CVE-ID

    CVE-2015-3794 : Adam Greenbaum of Refinitive

  • sudo

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9, the most serious of which may allow an attacker access to arbitrary files

    Description: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9. These were addressed by updating sudo to version 1.7.10p9.

    CVE-ID

    CVE-2013-1775

    CVE-2013-1776

    CVE-2013-2776

    CVE-2013-2777

    CVE-2014-0106

    CVE-2014-9680

  • tcpdump

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most serious of which may allow a remote attacker to cause a denial of service.

    Description: Multiple vulnerabilities existed in tcpdump versions prior to 4.7.3. These were addressed by updating tcpdump to version 4.7.3.

    CVE-ID

    CVE-2014-8767

    CVE-2014-8769

    CVE-2014-9140

  • Text Formats

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Parsing a maliciously crafted text file may lead to disclosure of user information

    Description: An XML external entity reference issue existed with TextEdit parsing. This issue was addressed through improved parsing.

    CVE-ID

    CVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team

  • udf

    Available for: OS X Yosemite v10.10 to v10.10.4

    Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges

    Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-3767 : beist of grayhash

OS X Yosemite v10.10.5 includes the security content of Safari 8.0.8.