OS X 10.10.2 Update

OS X Update 10.10.2

Apple releases OS X 10.10.2 Update build 14C109.

About the update

  • This update includes the following improvements:
  • Resolves an issue that might cause Wi-Fi to disconnect
  • Resolves an issue that might cause web pages to load slowly
  • Fixes an issue that could cause Spotlight to load remote email content when this preference is disabled in Mail
  • Improves audio and video sync when using Bluetooth headphones
  • Adds the ability to browse iCloud Drive in Time Machine
  • Improves VoiceOver speech performance
  • Resolves an issue that could cause VoiceOver to echo characters when entering text on a web page
  • Addresses an issue that could cause the input method to switch languages unexpectedly
  • Improves stability and security in Safari

Enterprise content

For enterprise customers, this update:

  • Improves performance for browsing DFS shares in the Finder
  • Fixes an issue where certain Calendar invitations could be displayed at the incorrect time
  • Fixes an issue for Microsoft Exchange accounts where the organizer of a meeting might not be notified when someone accepts an invitation using Calendar
  • Addresses an issue where Safari could continually prompt for credentials when accessing a site protected by NTLM authentication
  • Adds the ability to set “Out of Office” reply dates for Microsoft Exchange accounts in Mail

Security Content

This update is said to include fix against “Thunderstrike” (via iMore).

One thing I noticed with the pre-release build, the computer was no longer incremented. The last time it happened my MacBook Pro was named “Deus ex Macintosh (13)”.

Apple Issues Patch for Critical NTP Vulnerability

Apple NTP Security Update 20141222

Apple issues OS X NTP Security Update for Mountain LionMavericks and Yosemite.

OS X NTP Security Update
ntpd

Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10.1

Impact: A remote attacker may be able to execute arbitrary code

Description: Several issues existed in ntpd that would have allowed an attacker to trigger buffer overflows. These issues were addressed through improved error checking.

To verify the ntpd version, type the following command in Terminal: what /usr/sbin/ntpd. This update includes the following versions:

Mountain Lion: ntp-77.1.1
Mavericks: ntp-88.1.1
Yosemite: ntp-92.5.1

CVE-ID

CVE-2014-9295 : Stephen Roettger of the Google Security Team

From ICS-CERT:

Google Security Team researchers Neel Mehta and Stephen Roettger have coordinated multiple vulnerabilities with CERT/CC concerning the Network Time Protocol (NTP). As NTP is widely used within operational Industrial Control Systems deployments, NCCIC/ICS-CERT is providing this information for US Critical Infrastructure asset owners and operators for awareness and to identify mitigations for affected devices. ICS-CERT may release updates as additional information becomes available.

These vulnerabilities could be exploited remotely. Exploits that target these vulnerabilities are publicly available.

Products using NTP service prior to NTP-4.2.8 are affected. No specific vendor is specified because this is an open source protocol.

iTunes 11.3.1

iTunes 11.3.1

Apple released iTunes 11.3.1

iTunes 11.3.1 addresses a problem where subscribed podcasts may stop updating with new episodes and resolves an issue where iTunes may become unresponsive while browsing your podcasts episodes in a list.