OS X 10.10.5 closes DYLD vulnerability, fixes bug and performance issues

Posted:
in macOS edited August 2015
Apple on Thursday released the finished version of OS X 10.10.5, a maintenance update for Yosemite that mostly concentrates on bugfixes and security issues, including the DYLD_PRINT_TO_FILE privilege escalation exploit.




The update also solves Mail compatibility problems with some email servers, and quashes a Photos bug that prevented importing GoPro videos. QuickTime Player should once again be able to play Windows Media files. Across the OS, Apple has made various performance improvements.

The DYLD_PRINT_TO_FILE vulnerability allowed an installer to gain root access without entering a password, from which point it could insert further software such as adware.

OS X 10.10.5 can be downloaded via the Updates tab at the Mac App Store.

The release will likely be the last major update for Yosemite, as OS X 10.11 -- El Capitan -- is due to ship sometime this fall.

Comments

  • Reply 1 of 10
    gregq Posts: 62 member

    Yes!!! Thank you Apple :)

  • Reply 2 of 10
    robm Posts: 1,068 member
    Vulnerability fixed in about a week. Good job Apple.
  • Reply 3 of 10
    Quote:

    Originally Posted by RobM View Post



    Vulnerability fixed in about a week. Good job Apple.

     

    since it went PUBLIC. It's been vulnerable for months since they knew about it.... 

  • Reply 4 of 10
    robm Posts: 1,068 member
    True. I should've qualified my post.
  • Reply 5 of 10
    lkrupp Posts: 5,806 member
    Quote:
    Originally Posted by thataveragejoe View Post

     

     

    since it went PUBLIC. It's been vulnerable for months since they knew about it.... 




    Thank you Captain Obvious. Turns a positive into a negative every time.

  • Reply 6 of 10
    Quote:
    Originally Posted by lkrupp View Post

     



    Thank you Captain Obvious. Turns a positive into a negative every time.


     

    Sorry but zero day exploits shouldn't take going public/shaming to be fixed. Be it Apple, Google, Microsoft, Adobe, whomever. Months of lead time should be sufficient to close your critical bugs. 

     

    Yes it's great this has been patched for good, truly, but no 'atta-boy' from me for being lazy. All I was calling out was that this wasn't really patched in a week, which is true.

  • Reply 7 of 10
    jcc Posts: 173 member
    I wish they would fix their crappy mail program!!! How many years do they need?
  • Reply 8 of 10



    Says who? The moronic German who publicly disclosed a vulnerability to the masses for self-promotion?

  • Reply 9 of 10
    rcfa Posts: 682 member
    is0late wrote: »

    Says who? The moronic German who publicly disclosed a vulnerability to the masses for self-promotion?

    It is standard practice to give a company 60-90 days lead time before going public.
    If it weren't like this, manufacturers would have no pressure to fix things, since things would just be swept under the rug, with big risks of spooks and other criminals using a black market of kept-secret exploits to violate.

    Apple had more than enough lead time, going public was totally justified.
  • Reply 10 of 10
    Well, that "moronic German" did well because the bug would most likely be lingering, open, with all of us unsuspectingly susceptible to attacks. Just like we were for the last 6 months or so. Unfortunately, this seems the course of action for Apple.

    Apple does make fabulous products and their OS is very good, yet their management of bugs and vulnerabilities leaves much to be desired. They are being way too slow to patch problems and they do not collaborate well — if at all — with those who find vulnerabilities. For instance, I had found a vulnerability in the screen saver a few years ago and had reported it on Radar only to see my bug closed for being "not a real problem". Somebody else eventually made the bug public and suddenly Apple found a solution in less than a month, a full 15 months after closing my Radar for being irrelevant. How many vulnerabilities have been closed only when made public? Too many.

    So, as Thataveragejoe said: it's great this bug has been patched but no congratulations are in order!

    Edit: Rcfa basically said the same thing as I was writing my post! Typing on the iPhone is a slow and long chore!