{"id":36226,"date":"2015-01-27T12:56:12","date_gmt":"2015-01-27T20:56:12","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=36226"},"modified":"2015-01-27T12:56:12","modified_gmt":"2015-01-27T20:56:12","slug":"os-x-10-10-2-update-released-fixing-thunderstrike-and-other-security-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/os-x-10-10-2-update-released-fixing-thunderstrike-and-other-security-vulnerabilities\/","title":{"rendered":"OS X 10.10.2 Update Released \u2013 Fixing Thunderstrike and other Security Vulnerabilities"},"content":{"rendered":"
<\/p>\n
Apple has released the latest update to OS X Yosemite, 10.10.2, fixing a number of issues\u2014including some serious security vulnerabilities.<\/p>\n
The first\u00a0time\u00a0that most Mac users will know about the update is when they find it nestled amongst their other updates in the App Store\u2014and at first you may not realise the seriousness of the security issues it aims to fix, because they are hidden beneath a host of other fixes:<\/p>\n
<\/p>\n
This update addresses the following:<\/p>\n
\n
\n
Resolves an issue that might cause Wi-Fi to disconnect<\/li>\n
Resolves an issue that might cause web pages to load slowly<\/li>\n
Fixes an issue that could cause Spotlight to load remote email content when this preference is disabled in Mail<\/li>\n
Improves audio and video sync when using Bluetooth headphones<\/li>\n
Adds the ability to browse iCloud Drive in Time Machine<\/li>\n
Improves VoiceOver speech performance<\/li>\n
Resolves an issue that could cause VoiceOver to echo characters when entering text on a web page<\/li>\n
Addresses an issue that could cause the input method to switch languages unexpectedly<\/li>\n
Improves stability and security in Safari<\/li>\n<\/ul>\n<\/blockquote>\n
What’s most interesting to readers of this site, however, are the security fixes in this update to OS X, detailed\u2014as usual\u2014on Apple’s security updates webpage<\/a>.<\/p>\n
![\"Thunderstrike\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/01\/thunder-600x300.jpeg\")
<\/p>\n![\"OS](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/01\/os-x-update-1.jpeg\")
<\/p>\n![\"Details](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/01\/thunderstrike.jpeg\")
<\/p>\n![\"Feather](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/01\/feather-duster-170.jpeg\")
One possible infection scenario is that you could visit a hotel, pop down to have breakfast and leave your laptop unattended. While you are away gorging yourself on hash browns and sausages, an “evil maid” has plugged a device into your Thunderbolt drive and reflashed your computer’s boot ROM.<\/p>\n