Today Apple released the second update to the latest OS X, 10.10.2.
While the detailed list of security fixes in this update has not yet been released we know from other sources that Apple fixed the Thunderstrike exploit, briefly mentioned in my last post, and three of the vulnerabilities reported by Google last week. Also resolved is an issue where Spotlight would load remote email contents even if Mail itself had this disabled. Some of the other fixes in this release address poor Wi-Fi performance, slow loading webpages, the ability to browse iCloud Drive in Time Machine and Safari stability and security improvements.
Separate Safari updates were released for 10.8 Mountain Lion and 10.9 Mavericks users. Both updates address stability and security. Mountain Lion users will see their version of Safari updated to 6.2.3 and Mavericks users to 7.1.3. Four WebKit issues were addressed in these updates. Safari 8.0.3 for Yosemite users is included in the OS X 10.10.2 update.
Also released was Security Update 2015-001 which “is recommended for all users and improves the security of OS X.” The update is available for 10.9.5 Mavericks users and is included in the OS X 10.10.2 update for Yosemite users. Issues addressed are AFP file sharing, bluetooth, network cache, CoreGraphics and other vulnerabilities. It’s quite a list which can be found here.
It is recommended to update your backups before installing these (or any) updates. In the case of a second OS X release I personally like to download and apply the combo update, this typically has resolved more of the ‘new OS’ bugs than simply running the single version update. At the time of writing the combo update and the above mentioned updates are not available for direct download. Keep an eye on the Apple downloads page where the combo update should pop up soon.