Why You Need to Update to OS X 10.10.3 Now

News
By published

Mac OS X 10.10.3, the latest security update for Macs, fixes a potentially devastating flaw, but only for OS X Yosemite users.

Updates to your operating system aren't just to get cool new features. In fact, their primary raison d'être is to provide vital security updates that patch holes and vulnerabilities. Such is the case with Mac OS X 10.10.3, which fixes a potentially devastating flaw, but only for OS X Yosemite users.

Emil Kvarnhammar, writing for Swedish security firm TrueSec's blog, explained that he discovered a nasty vulnerability known as Rootpipe back in October 2014. It took Apple six months, but the manufacturer did finally issue a patch in its most recent security update. The only trouble is that not everyone will receive it.

MORE: Apple's New 12-inch Retina MacBook Reviewed

As Kvarnhammar points out, Mac OS X 10.9.x and older will not receive the patch, necessitating an update to 10.10.3 as soon as possible. To be clear, this means that if you are running OS X Mavericks, Mountain Lion, Lion or Snow Leopard, you are missing out on a very important security update.

Rootpipe is a hack developed by Kvarnhammar himself that takes advantage of a backdoor in Apple's application program interface. Basically, it takes advantage of a hole in a Mac operating system's code, then escalates privilege so that any user can pretend to be an administrator. From there, hijacking the computer is child's play, as is installing all manner of spyware or malware.

One important thing to keep in mind is that Kvarnhammar is a researcher, and Rootpipe is a proof-of-concept. There is no evidence that hackers are currently taking advantage of this exploit in the wild.

However, Kvarnhammar shared some details about the process in his blog post, and will give a whole talk about it at Security Conference 2015 in Stockholm on May 28. After that, an enterprising malefactor could probably piece together a similar program.

Many Mac users are hesitant to upgrade to Yosemite because it has the potential to slow down older systems (most Macs from 2007 or later are eligible for a free upgrade), perhaps necessitating the purchase of an expensive new machine. We leave it to you to weigh a nasty security risk against a machine that runs at peak efficiency, and decide which is more important.

For instructions on how to upgrade, check Apple Support.

Marshall Honorof is a senior writer for Tom's Guide. Contact him at mhonorof@tomsguide.com. Follow him @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.

See more Computing News
TOPICS
Marshall Honorof
Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 

20 Comments Comment from the forums
  • mf Red
    Isn't "the primary raison d'être" redundant?
    Reply
  • kenjitamura
    Six months for crucial security patches? I guess for apple that's an improvement in response time but still really dang slow.
    Reply
  • iam2thecrowe
    Six months for crucial security patches? I guess for apple that's an improvement in response time but still really dang slow.
    I agree. People complain a lot about all the security flaws in Windows, and Apple usere boast about how secure their OS apparently is....? or at least thats what the salesman told them. Windows is continuously getting patched, and quite quickly, I personally feel its at least as secure, if not more, its just unfortunate that it is more popular and is therefore targeted more.
    Reply
  • shiitaki
    First, people don't usually 'Choose' Windows. It is what every computer Dell sells, it is what you get if you don't buy an Apple computer. Does Lenovo offer OS X? So it is not a 'choice'. It is ironic that you have to buy an Apple computer to have a choice, between Windows or OS X.

    Keep telling yourself that Windows is more 'popular', the reality is it is simply necessary if you are going to use that Dell or Lenovo computer.

    Windows is less secure because the user base is less educated, less knowledgeable, and trained to click 'Okay' as standard procedure to use their computer like a trained monkey! So when a important box pops up, people don't read them! They just blindly click 'Okay'. Bill Gates apparently never heard the 'cry wolf' story.
    Reply
  • ohim
    First, people don't usually 'Choose' Windows. It is what every computer Dell sells, it is what you get if you don't buy an Apple computer. Does Lenovo offer OS X? So it is not a 'choice'. It is ironic that you have to buy an Apple computer to have a choice, between Windows or OS X.

    Keep telling yourself that Windows is more 'popular', the reality is it is simply necessary if you are going to use that Dell or Lenovo computer.

    Windows is less secure because the user base is less educated, less knowledgeable, and trained to click 'Okay' as standard procedure to use their computer like a trained monkey! So when a important box pops up, people don't read them! They just blindly click 'Okay'. Bill Gates apparently never heard the 'cry wolf' story.
    You are a special breed no ? Do you even hear what comes out of your mouth (well.. finger tips) ?
    Reply
  • rluker5
    First, people don't usually 'Choose' Windows. It is what every computer Dell sells, it is what you get if you don't buy an Apple computer. Does Lenovo offer OS X? So it is not a 'choice'. It is ironic that you have to buy an Apple computer to have a choice, between Windows or OS X.

    Keep telling yourself that Windows is more 'popular', the reality is it is simply necessary if you are going to use that Dell or Lenovo computer.

    Windows is less secure because the user base is less educated, less knowledgeable, and trained to click 'Okay' as standard procedure to use their computer like a trained monkey! So when a important box pops up, people don't read them! They just blindly click 'Okay'. Bill Gates apparently never heard the 'cry wolf' story.
    Apple is responsible for osx not being available on those computers. With non-apple products users have the choice of switching to Linux or dual booting with it, but because so few do, manufacturers and retailers don't offer it often since they want to make their products as likely to sell as possible. And while it is true that there are less educated users among all os's, the most educated can use them all. It is Apple that has the consumption (IE tv) oriented ecosystem and corresponding userbase.
    Reply
  • mortsmi7
    iSharted said:
    First, people don't usually 'Choose' Windows. It is what every computer Dell sells, it is what you get if you don't buy an Apple computer. Does Lenovo offer OS X? So it is not a 'choice'. It is ironic that you have to buy an Apple computer to have a choice, between Windows or OS X.

    Keep telling yourself that Windows is more 'popular', the reality is it is simply necessary if you are going to use that Dell or Lenovo computer.

    Windows is less secure because the user base is less educated, less knowledgeable, and trained to click 'Okay' as standard procedure to use their computer like a trained monkey! So when a important box pops up, people don't read them! They just blindly click 'Okay'. Bill Gates apparently never heard the 'cry wolf' story.
    Reply
  • Grandmastersexsay
    Do Apple users really think they are better educated than Windows users? Apple's operating systems are the most dumbed down and locked down software out there. They don't even think you are capable of changing your own battery. One mouse button? They market to idiots. Apple thinks you are retarded, and for the most part, they are right.
    Reply
  • Vlad Rose
    Wow, Mac is sooo secure compared to Windows as the fans try to tell you. It only takes them 6 months to fix a major security hole... lol
    Reply
  • Marshall Honorof
    While I don't think six months is an acceptable timetable for patching a flaw of this magnitude, I also don't think this issue really says much about the Windows/Mac debate in general. Both systems have enormous user bases, and as such, both are attractive targets for cybercriminals. As such, neither one is going to be totally safe, and users must protect themselves as best they can.
    Reply