Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Security Update 2017-001 (Yosemite and El Capitan)

Apple has released Security Update 2017-001 for OS X 10.10 Yosemite and 10.11 El Capitan, bringing a few select patches from the macOS 10.12.4 Sierra release to the two older operating systems (see “Apple Releases macOS 10.12.4, watchOS 3.2, and tvOS 10.2,” 27 March 2017). The security update addresses a memory corruption issue in both systems that could allow a maliciously crafted JPEG file to arbitrarily execute code, as well as a timing side channel issue that affected El Capitan that could leak sensitive user information. (Free. For 10.10.5 Yosemite, 495.2 MB; for 10.11.6 El Capitan, 700.6 MB; security content release notes)

 

Backblaze is unlimited, unthrottled backup for Macs at $5/month.
Web access to files means your data is always available. Restore
by Mail allows you to recover files via a hard drive or USB.
Start your 15-day trial today! <https://www.backblaze.com/tb>
 

Comments about Security Update 2017-001 (Yosemite and El Capitan)
(Comments are closed.)

rhett bohling  2017-03-28 05:44
Patches are always welcome, but can someone explain the JPEG?
Adam Engst  An apple icon for a TidBITS Staffer 2017-03-28 09:38
The "maliciously crafted" bit basically means that the bad guys can create a JPEG file that's "corrupt" in some way that causes Apple's graphics rendering libraries to fail such that code embedded in the corrupt JPEG file is executed.
rhett bohling  2017-04-12 07:41
Thanks for the reply Adam. I just realized you guys have a podcast. I have been a subscriber for a little over a couple years. I enjoy the updates.