Apple released separate security updates for OS X Yosemite and OS X El Capitan on Thursday. Both updates patch the same two critical security flaws. One flaw potentially exposed kernel memory, and the other allowed a maliciously crafted app to take over your system.
The update for Yosemite is: Security Update 2016-005 (10.10.5) – (468MB Download)
The update for El Capitan is: Security Update 2016-001 (10.11.6) – (414.9MB Download)
The patch notes for both say simply that the update, “is recommended for all users and improves the security of OS X.”
Nuts and Bolts
Apple’s security update site, though, specifies the following for both updates:
Kernel
- Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
- Impact: An application may be able to disclose kernel memory
- Description: A validation issue was addressed through improved input sanitization.
- CVE-2016-4655: Citizen Lab and Lookout
Kernel
- Available for: OS X Yosemite v10.10.5 and OS X El Capitan v10.11.6
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed through improved memory handling.
- CVE-2016-4656: Citizen Lab and Lookout
The download sizes above are for the standalone updates available through Apple’s support site. You can also download the update for your OS through the Mac App Store.
Great. Thanks for the heads up!