OS X update fixes major Yosemite security flaw

Apple OS X Yosemite

An OS X patch to Apple's Yosemite operating system released on Thursday brings a number of improvements to Mac users. The most important component of the update is the security fix, which patches the DYLD vulnerability uncovered by a security researcher last month.

"The OS X Yosemite 10.10.5 update improves the stability, compatibility, and security of your Mac, and is recommended for all users," Apple said in a statement.

Apple's patch resolves a privilege escalation flaw in OS X that allows a remote hacker to take control of a user's Mac without needing an administrator password. The Guardian reports that this flaw has already been exploited by at least one known adware.

In its release notes, Apple credited security researcher Stefan Esser for discovering the flaw, and claimed that the security issue "was addressed through improved environment sanitization," in the OS X 10.10.5 update. The patch is available for users running OS X Yosemite versions 10.10 through 10.10.4. Apple did not provide any additional details.

Other patches and fixes

In addition to fixing the privilege flaw, Apple also patched a number of security vulnerabilities in its latest OS update, including vulnerabilities related to Apple ID, Bluetooth and more. Complete details of the security patches can be found on Apple's support site.

Given the seriousness of these security flaws, Yosemite users are advised to download and install the OS X 10.10.5 update as soon as possible.

Esser, who initially discovered the DYLD vulnerability, took to Twitter to complain that there are still issues with Apple's patch.

"Hmm so Apple released 10.10.5 fixed some bugs and made another security problem worse than before," said Esser. He did not elaborate on any additional problems created by OS X 10.10.5 and has not responded to our request for comment.

Additionally, Apple's latest update also fixes issues with the Mail, Photos and QuickTime Player apps.

TOPICS