![\"Forget](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/04\/osxupdate-600x300.jpeg\")
\nOS X users \u2014\u00a0it’s time to patch your computers.<\/p>\n
\nOS X users \u2014\u00a0it’s time to patch your computers.<\/p>\n
Many people will be updating their iMac desktops and MacBooks to take advantage of hundreds of new emojis and Apple’s long-awaited replacement for iPhoto (imaginatively entitled Photos), but there are more serious reasons why you should be considering freshening your installation of OS X.<\/p>\n
It doesn’t matter whether you are interested in upgrading to OS X Yosemite 10.10.3 or not, there are Apple security updates waiting for you.<\/p>\n
In all, Apple has released patches addressing 80-or-so different security issues<\/a>\u00a0\u2014 the worst of which could allow an attacker to run malicious code (such as a worm) on your Mac.<\/p>\n Other flaws include important fixes for OpenSSL, which reportedly will prevent hackers intercepting what should be secure communications between Macs and Internet sites and services.<\/p>\n It’s a sign of the times that many of the security vulnerabilities were not found by Apple itself, but by third-party researchers working for other companies.<\/p>\n For instance, Yahoo discovered a privilege escalation vulnerability<\/a> in an Nvidia OS X kernel driver that ships with OS X.<\/p>\n In his write-up of the flaw, Varda bemoans that Apple’s description of the vulnerability was “terse,” and goes into some detail of how he discovered it and his appreciation that it has now been fixed.<\/p>\n “Arguably the worst \/ most interesting part of this problem is that it was a problem inherent in the API. Technically it was not that the kernel was buggy, but that the interface was confusing (and underdocumented) in a way that caused the same bug to manifest in several different apps.”<\/p><\/blockquote>\n And no write-up of the security fixes in this Apple update would be complete without mentioning Google’s contribution.<\/p>\n Researchers at Google Project Zero \u2014\u00a0who have courted controversy<\/a> in recent months with a serious of announcements about unpatched security flaws in other vendors’ software \u2014\u00a0were credited by Apple for finding numerous security holes in OS X that are fixed in this update.<\/p>\n Even if you haven’t made the switch to OS X Yosemite yet, you’re still advised to check out Apple Security Update 2015-004<\/a> as it will help you patch earlier versions of OS X (Mavericks and Mountain Lion).<\/p>\n In parallel, Apple released important privacy and security updates for Safari<\/a>, as well as sneaking a hefty number of security fixes<\/a> into iOS 8.3 for users of iPhones and iPads.<\/p>\n Even if you’re a curmudgeon like me who doesn’t understand the appeal of emojis, don’t disregard this new update from Apple.<\/p>\n Install it for security reasons, or you’ll be the one left without a smiley face.<\/p>\n","protected":false},"excerpt":{"rendered":" Install the latest update from Apple for security reasons, or you’ll be the one left without a smiley face.<\/p>\n","protected":false},"author":34,"featured_media":40177,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[7,11],"tags":[3151,168,2131,2134],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\n![\"Whirlpool\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/04\/whirlpool-170.jpeg\")
Kenton Varda, a researcher at sandstorm.io, shared some details<\/a> of one of the kernel vulnerabilities that Apple patched, and how it could have been used to crash the likes of Chrome, Node.js and other apps by sending them into infinite loops.<\/p>\n![\"Updating](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/04\/software-update-yosemite.jpeg\")
<\/p>\n