f



Mac OS X 10.10.2 and Security Update 2015-001 Released

APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001

OS X 10.10.2 and Security Update 2015-001 are now available and
address the following:

AFP Server
Available for:  OS X Mavericks v10.9.5
Impact:  A remote attacker may be able to determine all the network
addresses of the system
Description:  The AFP file server supported a command which returned
all the network addresses of the system. This issue was addressed by
removing the addresses from the result.
CVE-ID
CVE-2014-4426 : Craig Young of Tripwire VERT

bash
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  Multiple vulnerabilities in bash, including one that may
allow local attackers to execute arbitrary code
Description:  Multiple vulnerabilities existed in bash. These issues
were addressed by updating bash to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187

Bluetooth
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  An integer signedness error existed in
IOBluetoothFamily which allowed manipulation of kernel memory. This
issue was addressed through improved bounds checking. This issue does
not affect OS X Yosemite systems.
CVE-ID
CVE-2014-4497

Bluetooth
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  An error existed in the Bluetooth driver that allowed a
malicious application to control the size of a write to kernel
memory. The issue was addressed through additional input validation.
CVE-ID
CVE-2014-8836 : Ian Beer of Google Project Zero

Bluetooth
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  Multiple security issues existed in the Bluetooth
driver, allowing a malicious application to execute arbitrary code
with system privilege. The issues were addressed through additional
input validation.
CVE-ID
CVE-2014-8837 : Roberto Paleari and Aristide Fattori of Emaze
Networks

CFNetwork Cache
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  Website cache may not be fully cleared after leaving private
browsing
Description:  A privacy issue existed where browsing data could
remain in the cache after leaving private browsing. This issue was
addressed through a change in caching behavior.
CVE-ID
CVE-2014-4460

CoreGraphics
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4481 : Felipe Andres Manzano of the Binamuse VRT, via the
iSIGHT Partners GVP Program

CPU Software
Available for:  OS X Yosemite v10.10 and v10.10.1,
for: MacBook Pro Retina, MacBook Air (Mid 2013 and later),
iMac (Late 2013 and later), Mac Pro (Late 2013)
Impact:  A malicious Thunderbolt device may be able to affect
firmware flashing
Description:  Thunderbolt devices could modify the host firmware if
connected during an EFI update. This issue was addressed by not
loading option ROMs during updates.
CVE-ID
CVE-2014-4498 : Trammell Hudson of Two Sigma Investments

CommerceKit Framework
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  An attacker with access to a system may be able to recover
Apple ID credentials
Description:  An issue existed in the handling of App Store logs. The
App Store process could log Apple ID credentials in the log when
additional logging was enabled. This issue was addressed by
disallowing logging of credentials.
CVE-ID
CVE-2014-4499 : Sten Petersen

CoreGraphics
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  Some third-party applications with non-secure text entry and
mouse events may log those events
Description:  Due to the combination of an uninitialized variable and
an application's custom allocator, non-secure text entry and mouse
events may have been logged. This issue was addressed by ensuring
that logging is off by default. This issue did not affect systems
prior to OS X Yosemite.
CVE-ID
CVE-2014-1595 : Steven Michaud of Mozilla working with Kent Howard

CoreGraphics
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in the handling of
PDF files. The issue was addressed through improved bounds checking.
This issue does not affect OS X Yosemite systems.
CVE-ID
CVE-2014-8816 : Mike Myers, of Digital Operatives LLC

CoreSymbolication
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  Multiple type confusion issues existed in
coresymbolicationd's handling of XPC messages. These issues were
addressed through improved type checking.
CVE-ID
CVE-2014-8817 : Ian Beer of Google Project Zero

FontParser
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  Processing a maliciously crafted .dfont file may lead to an
unexpected application termination or arbitrary code execution
Description:  A memory corruption issue existed in the handling of
..dfont files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4484 : Gaurav Baruah working with HP's Zero Day Initiative

FontParser
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the handling of font
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4483 : Apple

Foundation
Available for:  OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  Viewing a maliciously crafted XML file may lead to an
unexpected application termination or arbitrary code execution
Description:  A buffer overflow existed in the XML parser. This issue
was addressed through improved bounds checking.
CVE-ID
CVE-2014-4485 : Apple

Intel Graphics Driver
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  Multiple vulnerabilities in Intel graphics driver
Description:  Multiple vulnerabilities existed in the Intel graphics
driver, the most serious of which may have led to arbitrary code
execution with system privileges. This update addresses the issues
through additional bounds checks.
CVE-ID
CVE-2014-8819 : Ian Beer of Google Project Zero
CVE-2014-8820 : Ian Beer of Google Project Zero
CVE-2014-8821 : Ian Beer of Google Project Zero

IOAcceleratorFamily
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A null pointer dereference existed in
IOAcceleratorFamily's handling of certain IOService userclient types.
This issue was addressed through improved validation of
IOAcceleratorFamily contexts.
CVE-ID
CVE-2014-4486 : Ian Beer of Google Project Zero

IOHIDFamily
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A buffer overflow existed in IOHIDFamily. This issue
was addressed with improved bounds checking.
CVE-ID
CVE-2014-4487 : TaiG Jailbreak Team

IOHIDFamily
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A validation issue existed in IOHIDFamily's handling of
resource queue metadata. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2014-4488 : Apple

IOHIDFamily
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A null pointer dereference existed in IOHIDFamily's
handling of event queues. This issue was addressed through improved
validation of IOHIDFamily event queue initialization.
CVE-ID
CVE-2014-4489 : @beist

IOHIDFamily
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  Executing a malicious application may result in arbitrary
code execution within the kernel
Description:  A bounds checking issue existed in a user client vended
by the IOHIDFamily driver which allowed a malicious application to
overwrite arbitrary portions of the kernel address space. The issue
is addressed by removing the vulnerable user client method.
CVE-ID
CVE-2014-8822 : Vitaliy Toropov working with HP's Zero Day Initiative

IOKit
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  An integer overflow existed in the handling of IOKit
functions. This issue was addressed through improved validation of
IOKit API arguments.
CVE-ID
CVE-2014-4389 : Ian Beer of Google Project Zero

IOUSBFamily
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  A privileged application may be able to read arbitrary data
from kernel memory
Description:  A memory access issue existed in the handling of IOUSB
controller user client functions. This issue was addressed through
improved argument validation.
CVE-ID
CVE-2014-8823 : Ian Beer of Google Project Zero

Kernel
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  Specifying a custom cache mode allowed writing to
kernel read-only shared memory segments. This issue was addressed by
not granting write permissions as a side-effect of some custom cache
modes.
CVE-ID
CVE-2014-4495 : Ian Beer of Google Project Zero

Kernel
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A validation issue existed in the handling of certain
metadata fields of IODataQueue objects. This issue was addressed
through improved validation of metadata.
CVE-ID
CVE-2014-8824 : @PanguTeam

Kernel
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  A local attacker can spoof directory service responses to
the kernel, elevate privileges, or gain kernel execution
Description:  Issues existed in identitysvc validation of the
directory service resolving process, flag handling, and error
handling. This issue was addressed through improved validation.
CVE-ID
CVE-2014-8825 : Alex Radocea of CrowdStrike

Kernel
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  A local user may be able to determine kernel memory layout
Description:  Multiple uninitialized memory issues existed in the
network statistics interface, which led to the disclosure of kernel
memory content. This issue was addressed through additional memory
initialization.
CVE-ID
CVE-2014-4371 : Fermin J. Serna of the Google Security Team
CVE-2014-4419 : Fermin J. Serna of the Google Security Team
CVE-2014-4420 : Fermin J. Serna of the Google Security Team
CVE-2014-4421 : Fermin J. Serna of the Google Security Team

Kernel
Available for:  OS X Mavericks v10.9.5
Impact:  A person with a privileged network position may cause a
denial of service
Description:  A race condition issue existed in the handling of IPv6
packets. This issue was addressed through improved lock state
checking.
CVE-ID
CVE-2011-2391

Kernel
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  Maliciously crafted or compromised applications may be able
to determine addresses in the kernel
Description:  An information disclosure issue existed in the handling
of APIs related to kernel extensions. Responses containing an
OSBundleMachOHeaders key may have included kernel addresses, which
may aid in bypassing address space layout randomization protection.
This issue was addressed by unsliding the addresses before returning
them.
CVE-ID
CVE-2014-4491 : @PanguTeam, Stefan Esser

Kernel
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A validation issue existed in the handling of certain
metadata fields of IOSharedDataQueue objects. This issue was
addressed through relocation of the metadata.
CVE-ID
CVE-2014-4461 : @PanguTeam

LaunchServices
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious JAR file may bypass Gatekeeper checks
Description:  An issue existed in the handling of application
launches which allowed certain malicious JAR files to bypass
Gatekeeper checks. This issue was addressed through improved handling
of file type metadata.
CVE-ID
CVE-2014-8826 : Hernan Ochoa of Amplia Security

libnetcore
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious, sandboxed app can compromise the networkd
daemon
Description:  Multiple type confusion issues existed in networkd's
handling of interprocess communication. By sending networkd a
maliciously formatted message, it may have been possible to execute
arbitrary code as the networkd process. The issue is addressed
through additional type checking.
CVE-ID
CVE-2014-4492 : Ian Beer of Google Project Zero

LoginWindow
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A Mac may not lock immediately upon wake
Description:  An issue existed in the rendering of the lock screen.
This issue was address through improved screen rendering while
locked.
CVE-ID
CVE-2014-8827 : Xavier Bertels of Mono, and multiple OS X seed
testers

lukemftp
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  Using the command line ftp tool to fetch files from a
malicious http server may lead to arbitrary code execution
Description:  A command injection issue existed in the handling of
HTTP redirects. This issue was addressed through improved validation
of special characters.
CVE-ID
CVE-2014-8517

OpenSSL
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  Multiple vulnerabilities in OpenSSL 0.9.8za, including one
that may allow an attacker to downgrade connections to use weaker
cipher-suites in applications using the library
Description:  Multiple vulnerabilities existed in OpenSSL 0.9.8za.
These issues were addressed by updating OpenSSL to version 0.9.8zc.
CVE-ID
CVE-2014-3566
CVE-2014-3567
CVE-2014-3568

Sandbox
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact:  A sandboxed process may be able to circumvent sandbox
restrictions
Description:  A design issue existed in the caching of sandbox
profiles which allowed sandboxed applications to gain write access to
the cache. This issue was addressed by restricting write access to
paths containing a "com.apple.sandbox" segment. This issue does
not affect OS X Yosemite v10.10 or later.
CVE-ID
CVE-2014-8828 : Apple

SceneKit
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact:  A malicious application could execute arbitrary code leading
to compromise of user information
Description:  Multiple out of bounds write issues existed in
SceneKit. These issues were addressed through improved bounds
checking.
CVE-ID
CVE-2014-8829 : Jose Duart of the Google Security Team

SceneKit
Available for:  OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  Viewing a maliciously crafted Collada file may lead to an
unexpected application termination or arbitrary code execution
Description:  A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to an unexpected application termination or arbitrary code
execution. This issue was addressed through improved validation of
accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team

Security
Available for:  OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A downloaded application signed with a revoked Developer ID
certificate may pass Gatekeeper checks
Description:  An issue existed with how cached application
certificate information was evaluated. This issue was addressed with
cache logic improvements.
CVE-ID
CVE-2014-8838 : Apple

security_taskgate
Available for:  OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  An app may access keychain items belonging to other apps
Description:  An access control issue existed in the Keychain.
Applications signed with self-signed or Developer ID certificates
could access keychain items whose access control lists were based on
keychain groups. This issue was addressed by validating the signing
identity when granting access to keychain groups.
CVE-ID
CVE-2014-8831 : Apple

Spotlight
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  The sender of an email could determine the IP address of the
recipient
Description:  Spotlight did not check the status of Mail's "Load
remote content in messages" setting. This issue was addressed by
improving configuration checking.
CVE-ID
CVE-2014-8839 : John Whitehead of The New York Times, Frode Moe of
LastFriday.no

Spotlight
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  Spotlight may save unexpected information to an external
hard drive
Description:  An issue existed in Spotlight where memory contents may
have been written to external hard drives when indexing. This issue
was addressed with better memory management.
CVE-ID
CVE-2014-8832 : F-Secure

SpotlightIndex
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  Spotlight may display results for files not belonging to the
user
Description:  A deserialization issue existed in Spotlight's handling
of permission caches. A user performing a Spotlight query may have
been shown search results referencing files for which they don't have
sufficient privileges to read. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2014-8833 : David J Peacock, Independent Technology Consultant

sysmond
Available for:  OS X Mavericks v10.9.5,
OS X Yosemite v10.10 and v10.10.1
Impact:  A malicious application may be able to execute arbitrary
code with root privileges
Description:  A type confusion vulnerability existed in sysmond that
allowed a local application to escalate privileges. The issue was
addressed with improved type checking.
CVE-ID
CVE-2014-8835 : Ian Beer of Google Project Zero

UserAccountUpdater
Available for:  OS X Yosemite v10.10 and v10.10.1
Impact:  Printing-related preference files may contain sensitive
information about PDF documents
Description:  OS X Yosemite v10.10 addressed an issue in the handling
of password-protected PDF files created from the Print dialog where
passwords may have been included in printing preference files. This
update removes such extraneous information that may have been present
in printing preference files.
CVE-ID
CVE-2014-8834 : Apple

Note: OS X Yosemite 10.10.2 includes the security content of Safari
8.0.3. For further details see https://support.apple.com/kb/HT204243


OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
0
Jolly
1/27/2015 8:36:24 PM
comp.sys.mac.system 33446 articles. 2 followers. jfmezei.spamnot (9455) is leader. Post Follow

18 Replies
911 Views

Similar Articles

[PageSpeed] 40

On Tue, 27 Jan 2015 20:36:24 +0000, Jolly Roger wrote:

> APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001

<major snip>

Is that the GHOST bug that came out today that affects Linux and Unix?  I 
read that RH/Centos/Scientific, Ubuntu 12.04 and older and some other 
distros were vulnerable to this hijacking.
0
sctvguy1
1/27/2015 9:11:54 PM
On 2015-01-27, sctvguy1 <sctvguy1@invalid.net> wrote:
> On Tue, 27 Jan 2015 20:36:24 +0000, Jolly Roger wrote:
>
>> APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
>
><major snip>
>
> Is that the GHOST bug that came out today that affects Linux and Unix?  I 
> read that RH/Centos/Scientific, Ubuntu 12.04 and older and some other 
> distros were vulnerable to this hijacking.

All of the CVEs were listed in the portion you snipped.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
0
Jolly
1/27/2015 10:32:03 PM
I like how Apple includes the name of the person who reported the bug.

Jolly Roger <jollyroger@pobox.com> wrote:

> CVE-2014-4426 : Craig Young of Tripwire VERT
0
A
1/28/2015 1:41:56 PM
On 2015-01-28, A N Niel <anniel@nym.alias.net.invalid> wrote:
> I like how Apple includes the name of the person who reported the bug.

Yeah, me too. Find a bug, and get your name in blinking lights. : )

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
0
Jolly
1/28/2015 3:02:49 PM
I tried downloading and running the update, and it wouldn't install over 
my copy of 10.2.2 (public beta, build 14C106a).

It threw up the message (to the effect):
"Your system doesn't support the update".

Just wondering if someone who -does- successfully install the posted 
version of 10.2.2 would be kind enough to post the build number after 
running the update?
0
John
1/28/2015 6:32:41 PM
In article <ciqb68Fkl7cU1@mid.individual.net>, Jolly Roger
<jollyroger@pobox.com> wrote:

> APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
> 
> OS X 10.10.2 and Security Update 2015-001 are now available and
> address the following:
> 
> - snip -
> 
> OS X Yosemite 10.10.2 and Security Update 2015-001 may be obtained
> from the Mac App Store or Apple's Software Downloads web site:
> http://www.apple.com/support/downloads/
> 
> Information will also be posted to the Apple Security Updates
> web site: http://support.apple.com/kb/HT1222

These are not showing up for me in the App Store - any idea what might
be causing that? Yosemite 10.10.1. 

Thanks

-- 
Ed H.
0
Ed
1/28/2015 6:52:46 PM
On 2015-01-28, John Albert <j.albert@snet.net> wrote:
> I tried downloading and running the update, and it wouldn't install over 
> my copy of 10.2.2 (public beta, build 14C106a).
>
> It threw up the message (to the effect):
> "Your system doesn't support the update".
>
> Just wondering if someone who -does- successfully install the posted 
> version of 10.2.2 would be kind enough to post the build number after 
> running the update?

There is a huge difference between 10.10 and 10.2.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
0
Jolly
1/28/2015 7:57:12 PM
In article <54c92b16$0$19551$2c56edd9@usenetrocket.com>, John Albert
<j.albert@snet.net> wrote:

> I tried downloading and running the update, and it wouldn't install over 
> my copy of 10.2.2 (public beta, build 14C106a).
> 
> It threw up the message (to the effect):
> "Your system doesn't support the update".
> 
> Just wondering if someone who -does- successfully install the posted 
> version of 10.2.2 would be kind enough to post the build number after 
> running the update?

10.10.2 (14C109)

Installed over the public beta.
0
Michelle
1/28/2015 8:53:41 PM
On 1/28/15 3:53 PM, Michelle Steiner wrote:
> 10.10.2 (14C109)
>
> Installed over the public beta.

I was able to download [what I believe to be] the "delta" (not combo) 
updater using Software Update via the App Store.

I left Software Update to run itself for a while, and the machine just 
hung with a tiny amount of the "progress bar" consumed.

I forced a shutdown with the power-on key, and then rebooted.

Mac booted right back up to finder, so I looked in library/updates and 
located the delta update.
It shows TWO install packages:
FirmwareUpdate.pkg
OSXUpd10.10.2.pkg

I boot and run my Mini from an SSD mounted in a USB3/SATA docking 
station, so I will -assume- that this arrangement was interfering with a 
firmware update.

I then launched the 10.10.2.pkg updater, and it did the job (firmware 
notwithstanding). Upon a reboot, build version is now at 14C1009, but I 
presume withOUT the firmware update.

If anyone is having trouble that might be firmware-related, I believe 
you can obtain the 10.10.2.pkg at:
http://swcdn.apple.com/content/downloads/33/25/031-17157/5k6hpmzq78ticvk917gme657p9o2kqye8e/OSXUpd10.10.2.pkg
(no promises, but worth a try)
0
John
1/28/2015 10:19:35 PM
Okay, so one time? In band camp? John Albert <j.albert@snet.net> was all, like:
> I tried downloading and running the update, and it wouldn't install over 
> my copy of 10.2.2 (public beta, build 14C106a).

I assume you mean 10.10.2.

> Just wondering if someone who -does- successfully install the posted 
> version of 10.2.2 would be kind enough to post the build number after 
> running the update?

14C109. I was running 14C106 before. If you were still on 14C99 or
earlier, you will need to download the full installer, I believe.


-- 
http://2blog.kreme.com
0
Lewis
1/28/2015 11:02:48 PM
On 2015-01-30 00:09:00 +0000, Neill Massello said:

> Aldo Raine <apache@scalpem.net> wrote:
> 
>> Is it safe yet? Or better hold off a while before installing.
> 
> Apple's Yosemite discussion board contains reports of persistent Wi-Fi
> problems in 10.10.2. More disturbing is that some of those who did *not*
> have such problems in 10.10.1 now report them in 10.10.2. (The apparent
> fix is to replace the new 802.11 extension with the older one from
> 10.10.1.) If these reports pan out, it's an indication that Apple simply
> isn't doing enough pre-release testing of software.

Link?

0
Alan
1/29/2015 1:01:01 AM
On 2015-01-29, Aldo Raine <apache@scalpem.net> wrote:
> On 1/27/15 3:36 PM, Jolly Roger wrote:
>> APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
>>
>> OS X 10.10.2 and Security Update 2015-001 are now available and
>> address the following:
>
> Is it safe yet? Or better hold off a while before installing.

It's never been unsafe as far as I can tell.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
0
Jolly
1/29/2015 1:01:01 AM
On 1/27/15 3:36 PM, Jolly Roger wrote:
> APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001
>
> OS X 10.10.2 and Security Update 2015-001 are now available and
> address the following:

Is it safe yet? Or better hold off a while before installing.


-- 
"My name is Lieutenant Aldo Raine and I'm putting together a special 
team, and I need me eight soldiers."
0
Aldo
1/29/2015 7:15:05 PM
On 2015.01.27 15:36 , Jolly Roger wrote:
> APPLE-SA-2015-01-27-4 OS X 10.10.2 and Security Update 2015-001

Coincidentally I got an Apple Bug Report message claiming that 10.10.2 
would resolve the e-mail issue (changing settings) and they're urging me 
to try it.

If you don't hear from me send the Saint Bernard.

You know, the one with a keg of brandy.

-- 
"Your net worth to the world is usually
  determined by what remains after your
  bad habits are subtracted from your good ones."
                                   Benjamin Franklin
0
Alan
1/29/2015 11:37:06 PM
Aldo Raine <apache@scalpem.net> wrote:

> Is it safe yet? Or better hold off a while before installing.

Apple's Yosemite discussion board contains reports of persistent Wi-Fi
problems in 10.10.2. More disturbing is that some of those who did *not*
have such problems in 10.10.1 now report them in 10.10.2. (The apparent
fix is to replace the new 802.11 extension with the older one from
10.10.1.) If these reports pan out, it's an indication that Apple simply
isn't doing enough pre-release testing of software. 

0
nmassello
1/30/2015 12:09:00 AM
On 1/29/15 7:09 PM, Neill Massello wrote:
> Aldo Raine <apache@scalpem.net> wrote:
>
>> Is it safe yet? Or better hold off a while before installing.
>
> Apple's Yosemite discussion board contains reports of persistent Wi-Fi
> problems in 10.10.2. More disturbing is that some of those who did *not*
> have such problems in 10.10.1 now report them in 10.10.2. (The apparent
> fix is to replace the new 802.11 extension with the older one from
> 10.10.1.) If these reports pan out, it's an indication that Apple simply
> isn't doing enough pre-release testing of software.
>

Did a quick search on how to set the extension back to the old one and 
didn't find anything. Is it hard to do?

-- 
"My name is Lieutenant Aldo Raine and I'm putting together a special 
team, and I need me eight soldiers."
0
Aldo
1/30/2015 12:13:39 AM
Alan Baker <alangbaker@telus.net> wrote:

> Link?

<https://discussions.apple.com/thread/6802848>

<https://discussions.apple.com/thread/6800793>

<https://discussions.apple.com/thread/6803542>

<https://discussions.apple.com/thread/6802719>


0
nmassello
1/30/2015 6:40:29 AM
On 2015-01-30 06:40:29 +0000, Neill Massello said:

> Alan Baker <alangbaker@telus.net> wrote:
> 
>> Link?
> 
> <https://discussions.apple.com/thread/6802848>
> 
> <https://discussions.apple.com/thread/6800793>
> 
> <https://discussions.apple.com/thread/6803542>
> 
> <https://discussions.apple.com/thread/6802719>

Thank you.

0
Alan
1/30/2015 6:46:05 AM
Reply:

Similar Artilces:

Recent Articles,, * Amazon offering Mac OS X Snow Leopard Family Pack for $36.49, * Apple Releases Mac OS X 10.6.1, the first update to the Snow Leopard operating system, * Gartner: Exchange
http://switchtoamac.com/site/survey-indicates-that-50-of-us-it-pros-are-considering-abandoning-windows-likely-to-switch-to-apples-mac-os-x.html http://tinyurl.com/ybrbgek A June 12, 2009 CNNMoney.com article titled 'Can Windows 7 save PCs?", David Goldman writes about Microsoft's upcoming Windows 7 operating system. The article discusses the PC slump and highlights a March survey conducted by Dimension Research that indicates that 50% of respondents are likely to dump Windows in favor of Apple's Mac OS X operating system. Noteworthy quotes form the article ...

Are Mac OS X 10.5.8's iLife programs safe to use in Mac OS X 10.7.x and 10.8.x?
Hi. Someone told me that Mac OS X 10.7.x and 10.8.x do not come with iLife like the older Mac OS X versions (e.g., 10.5.x). I did not know this! Since my client uses iPhoto that came preinstalled on his old 2008 MacBook Pro's Mac OS X 10.5.x (10.5.8 right now), can he use the old one from 10.5.8? Or will he need a third party replacement (needs to import/copy the old image files) or buy a new iPhoto version for his photo(graph)s? I recalled he did not like iPhoto and wonder if the new one is any better. Thank you in advance. :) -- Quote of the Week: "Every ruler...

Ann: ActiveDeveloper 2.16 released for Mac OS X 10.3 10.2 #2
ActiveDeveloper 2.16 released for MacOS X 10.3 and 10.2 Our "Develop & Continue" Objective-C & C IDE and Debugger Your companion for Cocoa, WebKit, and QuickTime. With its "Develop & Continue" ActiveDeveloper takes an Object and Development oriented approach to merging Objective-C Development and Debugging into ONE single combined activity - as opposed to the more Debugging and C stack level oriented approach taken in Xcode. ActiveDeveloper version 2.16 is integrated with the new Xcode IDE similar to how it has worked in concert with Projec...

Ann: ActiveDeveloper 2.16 released for Mac OS X 10.3 10.2
ActiveDeveloper 2.16 released for MacOS X 10.3 and 10.2 Our "Develop & Continue" Objective-C & C IDE and Debugger Your companion for Cocoa, WebKit, and QuickTime. With its "Develop & Continue" ActiveDeveloper takes an Object and Development oriented approach to merging Objective-C Development and Debugging into ONE single combined activity - as opposed to the more Debugging and C stack level oriented approach taken in Xcode. ActiveDeveloper version 2.16 is integrated with the new Xcode IDE similar to how it has worked in concert with Projec...

Ann: ActiveDeveloper 2.17 released for Mac OS X 10.3 and 10.2
ActiveDeveloper 2.17 released for MacOS X 10.3 and 10.2 Our "Develop & Continue" Objective-C & C IDE and Debugger Your companion for Cocoa, WebKit, and QuickTime. With its "Develop & Continue" ActiveDeveloper takes an Object and Development oriented approach to merging Objective-C Development and Debugging into ONE single combined activity - as opposed to the more Debugging and C stack level oriented approach taken in Xcode. ActiveDeveloper version 2.17 improves integration into the Xcode build system, and allows you to work in concert with...

Ann: ActiveDeveloper 2.17 released for Mac OS X 10.3 and 10.2
ActiveDeveloper 2.17 released for MacOS X 10.3 and 10.2 Our "Develop & Continue" Objective-C & C IDE and Debugger Your companion for Cocoa, WebKit, and QuickTime. With its "Develop & Continue" ActiveDeveloper takes an Object and Development oriented approach to merging Objective-C Development and Debugging into ONE single combined activity - as opposed to the more Debugging and C stack level oriented approach taken in Xcode. ActiveDeveloper version 2.17 improves integration into the Xcode build system, and allows you to work in concert with...

Ann: ActiveDeveloper 2.14 released on Mac OS X 10.2/10.1
ActiveDeveloper 2.14 released for MacOS X 10.2 and 10.1 Our Incremental Objective-C & C IDE, JIT compiler and Debugger Your companion for Cocoa and now also QuickTime Along with Cocoa, ActiveDeveloper v2.14 now also work with QuickTime applications in Objective-C. There is a new QTMovie example implementing a simple QuickTime Movie Player - to show you how it works. ActiveDeveloper v2.14 also has the 3. release of the "ActiveDeveloper User Guide" incorporating most of the user feedback we have had so far and giving a new Sample 3 of Activating the QTMovie player...

Ann: ActiveDeveloper 2.16 released for Mac OS X 10.3 10.2
ActiveDeveloper 2.16 released for MacOS X 10.3 and 10.2 Our "Develop & Continue" Objective-C & C IDE and Debugger Your companion for Cocoa, WebKit, and QuickTime. With its "Develop & Continue" ActiveDeveloper takes an Object and Development oriented approach to merging Objective-C Development and Debugging into ONE single combined activity - as opposed to the more Debugging and C stack level oriented approach taken in Xcode. ActiveDeveloper version 2.16 is integrated with the new Xcode IDE similar to how it has worked in concert with Projec...

Ann: ActiveDeveloper 2.14 released on Mac OS X 10.2/10.1
ActiveDeveloper 2.14 released for MacOS X 10.2 and 10.1 Our Incremental Objective-C & C IDE, JIT compiler and Debugger Your companion for Cocoa and now also QuickTime Along with Cocoa, ActiveDeveloper v2.14 now also work with QuickTime applications in Objective-C. There is a new QTMovie example implementing a simple QuickTime Movie Player - to show you how it works. ActiveDeveloper v2.14 also has the 3. release of the "ActiveDeveloper User Guide" incorporating most of the user feedback we have had so far and giving a new Sample 3 of Activating the QTMovie player...

Mac OS X Kerberos Extras updated for Mac OS X 10.3
-----BEGIN PGP SIGNED MESSAGE----- Just a reminder to coincide with today's release of Mac OS X 10.3 ("Panther"), the MIT Kerberos team has released an updated version of the Mac OS X Kerberos Extras that work with both Mac OS X 10.2 (Jaguar) and Mac OS X 10.3 (Panther). The Mac OS X Kerberos Extras allow CFM-based applications, such as Eudora and Fetch, to work with OS X's built-in Kerberos. Older releases of the OS X Kerberos Extras will not work with Mac OS X 10.3. You must have the latest release (which was released back in June) for it to work with Panther. However...

RE: Subject: Building ACE 5.3.1 on Mac OS X (Tiger) 10.4.2 was [ace-users] Building ACE on Mac OSX 10.4 #2
Hi Doug, > > Thanks for using the PRF. > > >> ACE VERSION: 5.3.1 > > This version of ACE is ANCIENT. The forthcoming ACE 5.4.8 beta should > work "out of the box" for Mac OS X Tiger. If you want a preview, > please download the version in our CVS repo at I know it isn't the most recent version available, but this version is used extensively across the corporation. Changing the version of ACE all these products used will cause the architect's heads to explode ;) Is it your opinion that 5.3.1 is hopeless cause on ...

Re: Subject: Building ACE 5.3.1 on Mac OS X (Tiger) 10.4.2 was [ace-users] Building ACE on Mac OSX 10.4 #2
Hi Jason, >> I know it isn't the most recent version available, but this version >> is used extensively across the corporation. Changing the version of >> ACE all these products used will cause the architect's heads to >> explode ;) >> >> Is it your opinion that 5.3.1 is hopeless cause on Tiger? It'll take some work, but companies like Riverace, Remedy, and OCI can help out with this stuff if staying with 5.3.1 is essential. Please see http://www.cs.wustl.edu/~schmidt/commercial-support.html for help with this stuff. >>...

RE: Subject: Building ACE 5.3.1 on Mac OS X (Tiger) 10.4.2 was [ace-users] Building ACE on Mac OSX 10.4 #2
Hi Jason, > > >> ACE VERSION: 5.3.1 > > > > This version of ACE is ANCIENT. The forthcoming ACE 5.4.8 > beta should > > work "out of the box" for Mac OS X Tiger. If you want a preview, > > please download the version in our CVS repo at > > I know it isn't the most recent version available, but this > version is used > extensively across the corporation. Changing the version of > ACE all these > products used will cause the architect's heads to explode ;) ;-) Right - this is where the value...

Mac Security: Firmware Updates In Mac OS X 10.4.6
Apple have released two articles regarding an update to the firmware in BOTH EFI using Macs (Macintels) AND OpenFirmware using Macs (PPCs). These firmware updates are part of the Mac OS X 10.4.6 update. They result in the following: - EFI Macs will boot a second time after the 10.4.6 update is installed. - OF Macs will boot a second AND third time after the 10.4.5 update is installed. So, when you get these extra reboots, don't worry. You are not on Windows. These are just firmware updates. Why the updates? To provide better security when using firmware passwords. Here are the t...

Web resources about - Mac OS X 10.10.2 and Security Update 2015-001 Released - comp.sys.mac.system

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Committee on National Security Systems - Wikipedia, the free encyclopedia
The National Security Telecommunications and Information Systems Security Committee (NSTISSC) was established under National Security Directive ...

Internet of Things security is so bad, there’s a search engine for sleeping kids
... ski slopes, swimming pools, colleges and schools, laboratories, and cash register cameras in retail stores, according to Dan Tentler , a security ...

Baby monitor security is so bad that there’s a chance someone is watching your sleeping kid
This is disturbing news for anyone who has a web-connected baby monitor. Ars Technica brings us word of search engine called Shodan whose main ...

Uber accidentally exposed one driver's personal tax information and social security number
... Uber reiterated that it only affected the one individual. "We take partner privacy very seriously and make every effort to ensure the security ...

3 inmates escape California maximum-security jail: 'Expect the worst'
Chicago Tribune 3 inmates escape California maximum-security jail: 'Expect the worst' Chicago Tribune This image provided by the Orange County, ...

US invokes 'national security' to stop sale of Philips LED unit to Chinese
When you look at an LED light, does national security jump to mind? If your answer is to scoff, would it change if the LEDs were in TV, mobile ...

Creative Planning Acquires 998 Shares of Fortune Brands Home & Security Inc (FBHS)
Creative Planning boosted its stake in Fortune Brands Home & Security Inc (NASDAQ:FBHS) by 27.4% during the fourth quarter, according to its ...

Resources last updated: 1/26/2016 1:59:36 AM