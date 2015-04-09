Trending

Why You Need to Update to OS X 10.10.3 Now

Mac OS X 10.10.3, the latest security update for Macs, fixes a potentially devastating flaw, but only for OS X Yosemite users.

Updates to your operating system aren't just to get cool new features. In fact, their primary raison d'être is to provide vital security updates that patch holes and vulnerabilities. Such is the case with Mac OS X 10.10.3, which fixes a potentially devastating flaw, but only for OS X Yosemite users.

Emil Kvarnhammar, writing for Swedish security firm TrueSec's blog, explained that he discovered a nasty vulnerability known as Rootpipe back in October 2014. It took Apple six months, but the manufacturer did finally issue a patch in its most recent security update. The only trouble is that not everyone will receive it.

As Kvarnhammar points out, Mac OS X 10.9.x and older will not receive the patch, necessitating an update to 10.10.3 as soon as possible. To be clear, this means that if you are running OS X Mavericks, Mountain Lion, Lion or Snow Leopard, you are missing out on a very important security update.

Rootpipe is a hack developed by Kvarnhammar himself that takes advantage of a backdoor in Apple's application program interface. Basically, it takes advantage of a hole in a Mac operating system's code, then escalates privilege so that any user can pretend to be an administrator. From there, hijacking the computer is child's play, as is installing all manner of spyware or malware.

One important thing to keep in mind is that Kvarnhammar is a researcher, and Rootpipe is a proof-of-concept. There is no evidence that hackers are currently taking advantage of this exploit in the wild.

However, Kvarnhammar shared some details about the process in his blog post, and will give a whole talk about it at Security Conference 2015 in Stockholm on May 28. After that, an enterprising malefactor could probably piece together a similar program.

Many Mac users are hesitant to upgrade to Yosemite because it has the potential to slow down older systems (most Macs from 2007 or later are eligible for a free upgrade), perhaps necessitating the purchase of an expensive new machine. We leave it to you to weigh a nasty security risk against a machine that runs at peak efficiency, and decide which is more important.

For instructions on how to upgrade, check Apple Support.

Marshall Honorof is a senior writer for Tom's Guide. Contact him at mhonorof@tomsguide.com. Follow him @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.

Security
20 Comments Comment from the forums
  • mf Red 09 April 2015 23:26
    Isn't "the primary raison d'être" redundant?
    Reply
  • kenjitamura 10 April 2015 01:29
    Six months for crucial security patches? I guess for apple that's an improvement in response time but still really dang slow.
    Reply
  • iam2thecrowe 10 April 2015 02:16
    Six months for crucial security patches? I guess for apple that's an improvement in response time but still really dang slow.
    I agree. People complain a lot about all the security flaws in Windows, and Apple usere boast about how secure their OS apparently is....? or at least thats what the salesman told them. Windows is continuously getting patched, and quite quickly, I personally feel its at least as secure, if not more, its just unfortunate that it is more popular and is therefore targeted more.
    Reply
  • shiitaki 10 April 2015 03:08
    Reply
  • ohim 10 April 2015 07:53
    You are a special breed no ? Do you even hear what comes out of your mouth (well.. finger tips) ?
    Reply
  • rluker5 10 April 2015 09:44
    Apple is responsible for osx not being available on those computers. With non-apple products users have the choice of switching to Linux or dual booting with it, but because so few do, manufacturers and retailers don't offer it often since they want to make their products as likely to sell as possible. And while it is true that there are less educated users among all os's, the most educated can use them all. It is Apple that has the consumption (IE tv) oriented ecosystem and corresponding userbase.
    Reply
  • mortsmi7 10 April 2015 13:53
    Reply
  • Grandmastersexsay 10 April 2015 14:13
    Do Apple users really think they are better educated than Windows users? Apple's operating systems are the most dumbed down and locked down software out there. They don't even think you are capable of changing your own battery. One mouse button? They market to idiots. Apple thinks you are retarded, and for the most part, they are right.
    Reply
  • Vlad Rose 10 April 2015 14:29
    Wow, Mac is sooo secure compared to Windows as the fans try to tell you. It only takes them 6 months to fix a major security hole... lol
    Reply
  • Marshall Honorof 10 April 2015 16:22
    While I don't think six months is an acceptable timetable for patching a flaw of this magnitude, I also don't think this issue really says much about the Windows/Mac debate in general. Both systems have enormous user bases, and as such, both are attractive targets for cybercriminals. As such, neither one is going to be totally safe, and users must protect themselves as best they can.
    Reply