About Apple security updates
- Oct 16, 2014 2014-5 OS X 10.10.5 (Yosemite) OS X version 10.10, also known as 'Yosemite', is the eleventh major release of OS X, Apple Inc's desktop and server operating system for Macintosh computers.OS X Yosemite was announced on June 2, 2014, at WWDC 2014, and was released to the public on October 16, 2014, as a free update through the Mac App Store. With this release of OS X.
- The application lies within Productivity Tools, more precisely Office Tools. The most popular versions of the program are 5.5, 4.3 and 3.0. The actual developer of this software for Mac is Apple Inc. This software can be installed on Mac OS X 10.10 or later. This app's bundle is identified as com.apple.iWork.Pages.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Mac OS X 10.10.5 was an update to Mac OS X 10.10 released on August 13, 2015. For detailed information about the security content of this update, see Apple security updates.
For more information about security, see the Apple Product Security page. You can encrypt communications with Apple using the Apple Product Security PGP Key.
Apple security documents reference vulnerabilities by CVE-ID when possible.
macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite
Released May 15, 2017
802.1X
Available for: macOS Sierra 10.12.4
Impact: A malicious network with 802.1X authentication may be able to capture user network credentials
Description: A certificate validation issue existed in EAP-TLS when a certificate changed. This issue was addressed through improved certificate validation.
CVE-2017-6988: Tim Cappalli of Aruba, a Hewlett Packard Enterprise company
Accessibility Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6978: Ian Beer of Google Project Zero
CoreAnimation
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: Processing maliciously crafted data may lead to arbitrary code execution
Description: A memory consumption issue was addressed through improved memory handling.
CVE-2017-2527: Ian Beer of Google Project Zero
CoreAudio
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team
CoreFoundation
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: Parsing maliciously crafted data may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2522: Ian Beer of Google Project Zero
Entry added May 19, 2017
CoreText
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: Processing a maliciously crafted file may lead to application termination
Description: A denial of service issue was addressed through improved validation.
CVE-2017-7003: Jake Davis of SPYSCAPE (@DoubleJake), João Henrique Neves and Stephen Goldberg of Salesforce
Entry updated June 7, 2017
DiskArbitration
Available for: macOS Sierra 10.12.4 and OS X El Capitan 10.11.6
Impact: An application may be able to gain system privileges
Mac os x extra resources or priority for the mouse. Description: A race condition was addressed with additional filesystem restrictions.
CVE-2017-2533: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative
Foundation
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: Parsing maliciously crafted data may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2523: Ian Beer of Google Project Zero
Entry added May 19, 2017
HFS
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-6990: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
iBooks
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted book may open arbitrary websites without user permission
Description: A URL handling issue was addressed through improved state management.
Pages Os X 10.10 5
CVE-2017-2497: Jun Kokatsu (@shhnjk)
iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with root privileges
Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.
CVE-2017-6981: evi1m0 of YSRC (sec.ly.com)
iBooks
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6986: evi1m0 of YSRC (sec.ly.com) & Heige (SuperHei) of Knownsec 404 Security Team
Intel Graphics Driver
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2503: sss and Axis of 360Nirvan team
IOGraphics
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2545: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative
IOSurface
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to gain kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-6979: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
Entry updated May 17, 2017
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2494: Jann Horn of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-2509: Jann Horn of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack
Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2516: Jann Horn of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2546: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
Multi-Touch
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2542: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative
CVE-2017-2543: 360 Security (@mj0011sec) working with Trend Micro's Zero Day Initiative
NVIDIA Graphics Drivers
Available for: macOS Sierra 10.12.4
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6985: Axis and sss of Nirvan Team of Qihoo 360 and Simon Huang (@HuangShaomang) of IceSword Lab of Qihoo 360
Sandbox
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2512: Federico Bento of Faculty of Sciences, University of Porto
Security
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to escape its sandbox
Description: A resource exhaustion issue was addressed through improved input validation.
CVE-2017-2535: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative
Security
Available for: macOS Sierra 10.12.4
Impact: A local application may be able to send privileged XPC messages without entitlements
Description: A race condition was addressed with improved consistency checks.
CVE-2017-7004: Ian Beer of Google Project Zero
Entry added June 8, 2017
Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: An access issue was addressed through additional sandbox restrictions.
CVE-2017-2534: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative
Speech Framework
Available for: macOS Sierra 10.12.4
Impact: An application may be able to escape its sandbox
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-6977: Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A use after free issue was addressed through improved memory management.
CVE-2017-2513: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A buffer overflow issue was addressed through improved memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: A maliciously crafted SQL query may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2519: found by OSS-Fuzz
SQLite
Available for: macOS Sierra 10.12.4
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved input validation.
CVE-2017-6983: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
CVE-2017-6991: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
CVE-2017-7000: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
CVE-2017-7001: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
CVE-2017-7002: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
Entry updated May 24, 2017
TextInput
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: Parsing maliciously crafted data may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero
WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to gain system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2017-2537: Chaitin Security Research Lab (@ChaitinTech) working with Trend Micro's Zero Day Initiative
CVE-2017-2541: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
CVE-2017-2548: Team Sniper (Keen Lab and PC Mgr) working with Trend Micro's Zero Day Initiative
WindowServer
Available for: macOS Sierra 10.12.4, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2017-2540: Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative
Additional recognition
Kernel
We would like to acknowledge Jann Horn of Google Project Zero for their assistance.
CFNetwork
We would like to acknowledge Samuel Groß and Niklas Baumstark working with Trend Micro's Zero Day Initiative for their assistance.
macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite includes the security content of Safari 10.1.1.
This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.
On this page:
- Reinstalling Yosemite on a computer alreadyrunning it
Upgrading from previous versions to OS X 10.10 (Yosemite)
OS X 10.10 (Yosemite) is no longer available for purchase from theMac App Store. If you have a previous version of the operating system,and your computer meets the system requirementsfor OS X 10.11 (El Capitan), you can upgrade directly to thatversion instead; see ARCHIVED: Install or upgrade OS X 10.11 (El Capitan)
Reinstalling Yosemite on a computer already running it
To reinstall or recover Yosemite, you must have an active Internetconnection. If you are on campus at IU, UITS recommendsthe wired Ethernet network instead of wireless. However, if IUSecure is your only option, see Connect to an IU wireless network in macOS if booted from your Recovery HD
Reinstalling while keeping files, applications, and settings
- Restart your computer, and immediately hold down
command-r
until the gray Apple logo appears. - If prompted, select your main language and then click the arrow.
- Click Reinstall OS X, and then Continue. Follow the instructions on the screen, and then choose your hard disk. Click Install, and enter your Apple ID information if prompted.
- When the installation is complete, select App Store.. from the Apple menu, and install any available updates.
Reinstalling while erasing everything on your computer
- Restart your computer, and immediately hold down
command-r
until the gray Apple logo appears. - If you see a screen asking you to select your main language,choose it, and then click the arrow.
- Click Disk Utility, and then Continue.
- In Disk Utility:
- Click your hard disk in the left column, and thenclick the Erase tab.
- Next to 'Format:', make sure Mac OS Extended (Journaled)is selected. In the 'Name:' field, give your disk a name.
- If you would like to securely erase your data, click SecurityOptions.., adjust the slider accordingly, and clickOK.
- When you're ready, click Erase.., and thenErase again to erase your disk.
- Once it's completed, quit Disk Utility.
- Click Reinstall OS X, and then Continue:
- Follow the instructions on the screen, and then choose your harddisk.
- Click Install. If prompted, enter your Apple IDinformation.
- Once the installation is complete, you'll beasked to enter basic information, and have the option to transfer datafrom another computer or backup.
- From the Apple menu, select App Store, and then installany available updates.