First, Google spilled the beans about a security flaw in Windows before Microsoft had a patch ready, now they’re revealing security issues with Apple’s OS X operating system.
Google discovered the bugs a few months ago and informed Apple about them. When Apple didn’t have a patch ready after 90 days, Google went public with the information as part of their Project Zero security initiative.
Google published the six flaws on their security research website.
These flaws could allow a hacker to elevate their privilege level and take over your computer.
Apple has a long-standing policy of not discussing security issues until they have patches ready to fix them, because they say that giving users a heads-up also alerts hackers that the flaws exist in the first place.
Apple issued a major update to OS X Yosemite a week later that took care of those issues and several others.
Among the issues tackled in the OS X 10.10.2 update are slow loading of web pages, a security and stability patch for Safari, and an issue that can cause the input method to switch languages.
There are also new features like the ability to browse your iCloud Drive in Time Machine and improved sync when using Bluetooth headphones.
In addition to resolving the issues revealed by Google, this update also takes care of a hardware issue called Thunderstrike that allowed an attacker to use removable media to infect your machine.
To learn more about the updates click here.
~ Cynthia
The OSX 10.10.2 patch released a week or so ago did the following to my and other’s iMacs:
Crippled USB ports so that mouse and keyboard configurations had to be reseated/located in order to work again. It also broke USB external drives for many people, which ironically, prevented them from doing backup restores.
Secondly, it did some sort of updates to Safari which allowed the malware “quick-start” to install itself into the browser. This godawful thing presents constant pop-ups to other malware sites, such as MacKeeper, as soon as the browser is launched. If one clicks the “remove quick-start” link at the bottom of the page, one is immediately presented with the MacKeeper website as a solution for removing the very software which led you to MacKeeper in the first place. This is the worst patch Apple has ever released in my memory, and it reminds me of Windows in that respect, except at least Microsoft is forthcoming for fixes to this sort of thing. Apple refuses to even acknowledge it or adequately respond to affected users.