Apple Patches 2 Critical Security Flaws in OS X Yosemite and El Capitan

| Product News

Apple released separate security updates for OS X Yosemite and OS X El Capitan on Thursday. Both updates patch the same two critical security flaws. One flaw potentially exposed kernel memory, and the other allowed a maliciously crafted app to take over your system.

bug-browser-window

The update for Yosemite is: Security Update 2016-005 (10.10.5) – (468MB Download)

The update for El Capitan is: Security Update 2016-001 (10.11.6) – (414.9MB Download)

The patch notes for both say simply that the update, “is recommended for all users and improves the security of OS X.”

Nuts and Bolts

Apple’s security update site, though, specifies the following for both updates:

Kernel

  • Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
  • Impact: An application may be able to disclose kernel memory
  • Description: A validation issue was addressed through improved input sanitization.
  • CVE-2016-4655: Citizen Lab and Lookout

Kernel

  • Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
  • Impact: An application may be able to execute arbitrary code with kernel privileges
  • Description: A memory corruption issue was addressed through improved memory handling.
  • CVE-2016-4656: Citizen Lab and Lookout

The download sizes above are for the standalone updates available through Apple’s support site. You can also download the update for your OS through the Mac App Store.

One Comment Add a comment

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account