As part of its hardware announcements today, Apple issued iOS 8.2 for iPhone and iPad users, and as is somewhat customary, has quietly released a security update for OS X that patches a number of known vulnerabilities in the software. As in most cases, the vulnerabilities here are somewhat cryptic to most people; however, they are important so be sure you run Software Update on your Mac as soon as you can, to keep your system patched.
There are five specific vulnerabilities addressed by this update: One was in iCloud Keychain recovery could allow someone on your network to access your system and execute arbitrary code. Three are in apple’s core services (IOAccelerator, IOSurface, and the OS X Kernel) that could allow a malicious program to run code it would otherwise be blocked from running.
The update, called “Security Update 2015-002” should be available for OS X in the Software Update section of the App Store, so if you have not already received a notice on your system to update, then you can do so by going to the Apple menu and choosing App Store or Software Update, and then checking for and applying the update when it appears. This update will require you to restart your Mac.
As always, be sure you fully back up your system before applying this or any other updates.
Fails to patch OS 10.10.3 Beta. Installer crashes immediately on “Open.”
After installing the update on an iMac running 10.8.5, I got an error message at restart: ‘The document “mach_kernel” could not be opened. You don’t have permission.’ After searching a bit I found that this file sometimes becomes visible in the Finder. Sure enough, it was visible. I found a Apple Support document with the terminal command to make it invisible again. But I still got the same error at restart. I finally checked my list of Login Items, and there it was! I had to check its Hide box before I could remove it from Login Items. Very strange.
On another Mac running 10.9.5, the security update also made mach_kernel visible, but did not add it to the Login Items.