companies not fixing security holes in non-current software really isn't anything new. If you gave me some time I could probably come up with a fairly long list of bugs not fixed in prior Mac OS X's. I can really only think of a single example of Apple releasing a security update for an X that was more than one version back.
I work for the Department of Redundancy Department
Are you still going to hang on to your old version of OS X if this Engadget article is true?
Just how serious is it if the flaw "was discovered ... back in October, but has actually existed since at least 2011"?
And if the flaw involves System Preferences internal to OS X, how might some nefarious sort gain access to it if one locks out unauthorized access (via OS X's firewall and sharing nothing with the outside world)?
companies not fixing security holes in non-current software really isn't anything new.
Security Update 2015-002 was issued for Mounty, Mavericks & Yosemite, and 2015-004 was issued for Mounty, Mavericks & (I assume) Yosemite (via the 10.10.3 Update issued on the same day), so issuing 2015-005 for Yosemite only would be pretty shabby of Apple...but not atypical.
Last edited by artie505; 04/11/1512:38 AM. Reason: Clarity
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
I was anticipating a 2015-005 update (...should have put it in quotes) because I did a typically lousy job digesting joemike's linked article and it didn't register that a fix was already in place.
Last edited by artie505; 04/11/1507:23 AM. Reason: Corrections
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Admin Framework Available for: OS X Yosemite v10.10 to v10.10.2 Impact: A process may gain admin privileges without properly authenticating Description: An issue existed when checking XPC entitlements. This issue was addressed with improved entitlement checking. CVE-ID CVE-2015-1130 : Emil Kvarnhammar at TrueSec (Emphasis added)
applies exclusively to Yosemite.
Doesn't that mean that Apple has effectively dropped support for Mavericks and Mounty (Security Update 2015-004 notwithstanding), despite the fact that OS X 10.11 hasn't even been announced, let alone released, or are they still "supporting" those versions of OS X but only in part?
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire