OS X customers required to install the update pronto

Oct 19, 2014 13:37 GMT

Apple this week rolled out not just OS X Yosemite, but also a security update required to patch existing bugs in Mountain Lion and Mavericks, two earlier versions of the Mac operating system.

Security Update 2014-005 is a free download from Apple Support or Softpedia, and you can apply it without fear that it will change your system. However, if you decide to upgrade to Yosemite altogether – OS X 10.10 – you won’t need to apply this standalone patch anymore.

Fixes just one bug

According to Apple Support, Security Update 2014-005 addresses a single flaw discovered by Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of the Google Security Team in the Secure Transport component.

Affecting OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5, the flaw involves the SSL architecture: “An attacker may be able to decrypt data protected by SSL,” reads the documentation.

The advisory then describes the flaw in detail. According to the Cupertino company, “There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection attempts fail.”
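The fix quoted above can be modelled as a client fallback policy. The following Python model is an added illustration, not Apple's Secure Transport code: the function names, the three-suite list, the simulated network and the assumption that the server accepts every protocol version are all made up for the example.

```python
# Added illustration of the fallback policy quoted from the advisory.
# All names and the suite list are assumptions, not Secure Transport code.
SSL3, TLS10, TLS12 = (3, 0), (3, 1), (3, 3)

# IANA cipher suite names; the flag is True for a block cipher in CBC mode.
SUITES = {
    "TLS_RSA_WITH_AES_128_CBC_SHA": True,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": True,
    "TLS_RSA_WITH_RC4_128_SHA": False,
}


def client_offers(fell_back, patched):
    """Suites the client lists in its hello for this attempt."""
    if patched and fell_back:
        # The fix: once an attempt has failed, stop offering CBC suites.
        return [s for s, is_cbc in SUITES.items() if not is_cbc]
    return list(SUITES)


def server_select(offered, server_prefs):
    """Server picks its most preferred suite that the client offered."""
    return next((s for s in server_prefs if s in offered), None)


def connect(server_prefs, tls_blocked, patched):
    """Try the highest version first and retry lower after a failure.
    Returns (version, suite), or None when no handshake completes."""
    fell_back = False
    for version in (TLS12, TLS10, SSL3):
        if tls_blocked and version > SSL3:
            fell_back = True  # attempt never reached the server
            continue
        suite = server_select(client_offers(fell_back, patched), server_prefs)
        if suite:
            return version, suite
        fell_back = True
    return None


def exposed(result):
    """True for SSL 3.0 with a CBC suite, the combination the advisory names."""
    return result is not None and result[0] == SSL3 and SUITES[result[1]]


if __name__ == "__main__":
    prefs = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_RC4_128_SHA"]
    for blocked, patched in [(False, False), (True, False), (True, True)]:
        r = connect(prefs, blocked, patched)
        print(blocked, patched, r, "exposed" if exposed(r) else "ok")
```

With the policy enabled, a forced fallback either lands on a non-CBC suite or fails outright when the server offers only CBC suites; connections that never fall back are unchanged.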

In a rare move, Apple specifically informs users that Security Update 2014-005 includes the patch for OS X bash Update 1.0.

The security side of OS X Yosemite

As noted above, any user who is making the jump to OS X 10.10 doesn’t need to worry about installing Security Update 2014-005. The reason is obvious: the OS includes fixes for all the known security bugs so far, including the one addressed in the standalone security update for Mavericks and Mountain Lion users.

In fact, the reason why Apple releases patches like Security Update 2014-005 is that some users prefer to address security-related problems on their computers without having to upgrade to a new OS altogether.

It isn’t clear if Yosemite addresses other flaws that Apple has left exploitable in older versions of OS X, but there’s no reason to believe that this is the case.

To download either update, you can visit the links below or use Apple’s own Software Update from the Apple Menu on your Mac. Yosemite is a free download for any Mac user running Mac OS X Mountain Lion version 10.6.6 or newer.

Download OS X Yosemite

Download Security Update 2014-005