The next cumulative update for OS X Yosemite 10.10.4, released this week, includes fixes security vulnerabilities in the media player QuickTime, the OpenSSL Protocol and firmware ImageIO. It is reported Securitylab.
Apple has released a series of updates to address a total of 77 holes in the operating system OS X Yosemite. Corrective update index 10.10.4 includes fixes for vulnerabilities in QuickTime multimedia platform, OpenSSL and ImageIO, along with the security holes, the operation of which allows the attacker to perform remote code execution to elevate privileges or to crash the application.
Update for Safari includes fixes four vulnerabilities in the browser engine WebKit. Exploitation of these vulnerabilities allowed remote execution of code, to steal account data and cookies, and view WebSQL database.
Apple also fixed a flaw that allowed attackers to reflash the device by putting a malware directly into the firmware UEFI (unified extensible firmware interface).
Experts recommend users of OS X Yosemite as soon as possible to establish corrective updates are available for download via the update utility products Apple Software Update.
Earlier it became known that the update to OS X Yosemite 10.10.4 adds a command line utility trimforce that activates TRIM for third party SSDS.