A total of 45 vulnerabilities have been addressed

Oct 18, 2014 10:47 GMT

The release of OS X Yosemite (10.10), the latest operating system from Apple, coincided with a set of updates targeting serious security issues in the product, including the Bash bug dubbed Shellshock and the recently publicized SSL fallback problem.

In Yosemite, the Cupertino company addressed 45 vulnerabilities, all tracked through CVE identifiers, affecting components such as WiFi, Bluetooth and App Sandbox, as well as products like Safari, QuickTime, Mail, Find My Mac and Dock.

Shellshock and POODLE are the latest security glitches to benefit from extra attention from the media, and Apple included fixes that prevent malicious actors from leveraging them against Mac users.

The bug in the Bash command interpreter had been eliminated through a previous update provided to OS X 10.7 (Lion), OS X 10.8 (Mountain Lion), and OS X 10.9 (Mavericks) users, and it is a variant of the original one pushed to different Linux distributions.

In the case of POODLE, the attack that forces a downgrade of the security protocol to SSL 3.0, the security team at Apple decided to disable the vulnerable CBC cipher suites in the protocol when TLS connections failed.

A different solution was adopted by other developers by implementing the TLS_FALLBACK_SCSV (TLS Fallback Signaling Cipher Suite Value) mechanism in their products.
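
The two fallback mitigations described above, modeled side by side in an added example (not Apple's code and not any TLS library's API). The function names, the strategy labels and the three-suite offer are assumptions made for illustration; the 0x5600 signaling value and alert code 86 come from RFC 7507.

```python
# Simplified model of a TLS client retry and server check (added example).
SSL3, TLS12 = 0x0300, 0x0303
TLS_FALLBACK_SCSV = 0x5600           # signaling value from RFC 7507
ALERT_HANDSHAKE_FAILURE = 40
ALERT_INAPPROPRIATE_FALLBACK = 86    # alert code from RFC 7507

# Constructed sample offer: suite code -> (name, uses CBC mode)
SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", True),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", True),
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", False),
}

def client_hello(version, is_retry, strategy):
    """Return (version, suites) offered on a first attempt or a fallback retry."""
    suites = list(SUITES)
    if is_retry and strategy == "drop_cbc":
        # Approach the article attributes to Apple: no CBC suites on a retry.
        suites = [s for s in suites if not SUITES[s][1]]
    elif is_retry and strategy == "scsv":
        # Approach of other developers: mark the retry as a downgrade.
        suites.append(TLS_FALLBACK_SCSV)
    return version, suites

def server_respond(hello, server_max=TLS12):
    """Return ('alert', code) or ('ok', version, suite) for a ClientHello."""
    version, suites = hello
    if TLS_FALLBACK_SCSV in suites and version < server_max:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    # Assumption: the server takes the first known suite in client order.
    chosen = next((s for s in suites if s in SUITES), None)
    if chosen is None:
        return ("alert", ALERT_HANDSHAKE_FAILURE)
    return ("ok", min(version, server_max), chosen)

def poodle_exposed(result):
    """POODLE requires SSL 3.0 combined with a CBC suite."""
    return result[0] == "ok" and result[1] == SSL3 and SUITES[result[2]][1]

def retry_at_ssl3(strategy, server_max=TLS12):
    """Outcome of a retry at SSL 3.0 after earlier attempts failed."""
    return server_respond(client_hello(SSL3, True, strategy), server_max)

if __name__ == "__main__":
    for strategy in ("none", "drop_cbc", "scsv"):
        result = retry_at_ssl3(strategy)
        print(strategy, result, "exposed" if poodle_exposed(result) else "not exposed")
```

Calling `retry_at_ssl3("scsv", server_max=SSL3)` shows the limit of the signaling approach: a server whose highest protocol is SSL 3.0 has nothing better to insist on, so the CBC session still goes ahead.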

The security update for Yosemite also includes a patch that prevents brute-forcing the PIN for Find My Mac.