Why You Need to Update to OS X 10.10.3 Now

Updates to your operating system aren't just to get cool new features. In fact, their primary raison d'être is to provide vital security updates that patch holes and vulnerabilities. Such is the case with Mac OS X 10.10.3, which fixes a potentially devastating flaw, but only for OS X Yosemite users.

Emil Kvarnhammar, writing for Swedish security firm TrueSec's blog, explained that he discovered a nasty vulnerability known as Rootpipe back in October 2014. It took Apple six months, but the manufacturer did finally issue a patch in its most recent security update. The only trouble is that not everyone will receive it.

MORE: Apple's New 12-inch Retina MacBook Reviewed

As Kvarnhammar points out, Mac OS X 10.9.x and older will not receive the patch, necessitating an update to 10.10.3 as soon as possible. To be clear, this means that if you are running OS X Mavericks, Mountain Lion, Lion or Snow Leopard, you are missing out on a very important security update.

Rootpipe is a hack developed by Kvarnhammar himself that takes advantage of a backdoor in Apple's application program interface. Basically, it takes advantage of a hole in a Mac operating system's code, then escalates privilege so that any user can pretend to be an administrator. From there, hijacking the computer is child's play, as is installing all manner of spyware or malware.

One important thing to keep in mind is that Kvarnhammar is a researcher, and Rootpipe is a proof-of-concept. There is no evidence that hackers are currently taking advantage of this exploit in the wild.

However, Kvarnhammar shared some details about the process in his blog post, and will give a whole talk about it at Security Conference 2015 in Stockholm on May 28. After that, an enterprising malefactor could probably piece together a similar program.

Many Mac users are hesitant to upgrade to Yosemite because it has the potential to slow down older systems (most Macs from 2007 or later are eligible for a free upgrade), perhaps necessitating the purchase of an expensive new machine. We leave it to you to weigh a nasty security risk against a machine that runs at peak efficiency, and decide which is more important.

For instructions on how to upgrade, check Apple Support.

Marshall Honorof is a senior writer for Tom's Guide. Contact him at mhonorof@tomsguide.com. Follow him @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.

See more Computing News

TOPICS

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi.

Latest in macOS

Mac Studio on a desk hooked up to a Studio DIsplay

Mac Studio M3 Ultra: 3 reasons to buy and 2 reasons to skip

5 great cloud gaming services for Mac that you should try right now

The widget you've always wanted comes to your Mac menu bar in Sequoia 15.2

USB-C Mac accessories don't work with older macOS versions — this is a huge pain

How to keep to keep iCloud Drive files downloaded on your Mac

How to access your passwords from the menu bar in macOS Sequoia

MacOS Sequoia lets you view saved passwords via the menu bar — here's how

Latest in News

Nothing Phone 3a Pro rear side showing the camera

Nothing Phone 3a could start charging for using AI features — and I think that's a terrible idea

ChatGPT’s new image generator is now 'delayed for a while' for free users

iPhone 17 Pro may not record 8K video after all (Update)

Screenshots of the new Garmin Connect+ premium features

Garmin launches a paywall — here are all the premium Connect+ features that will cost you $6.99 a month

NYT Connections today hints and answers — Thursday, March 27 (#655)

iOS 18.4 brings a bunch of helpful upgrades to your iPhone — and this is my favorite

More about macos

Mac Studio M3 Ultra: 3 reasons to buy and 2 reasons to skip

5 great cloud gaming services for Mac that you should try right now

ChatGPT’s new image generator is now 'delayed for a while' for free users

See more latest

20 Comments Comment from the forums

mf Red

Isn't "the primary raison d'être" redundant?
Reply
kenjitamura

Six months for crucial security patches? I guess for apple that's an improvement in response time but still really dang slow.
Reply
iam2thecrowe

Six months for crucial security patches? I guess for apple that's an improvement in response time but still really dang slow.
I agree. People complain a lot about all the security flaws in Windows, and Apple usere boast about how secure their OS apparently is....? or at least thats what the salesman told them. Windows is continuously getting patched, and quite quickly, I personally feel its at least as secure, if not more, its just unfortunate that it is more popular and is therefore targeted more.
Reply
shiitaki

First, people don't usually 'Choose' Windows. It is what every computer Dell sells, it is what you get if you don't buy an Apple computer. Does Lenovo offer OS X? So it is not a 'choice'. It is ironic that you have to buy an Apple computer to have a choice, between Windows or OS X.

Keep telling yourself that Windows is more 'popular', the reality is it is simply necessary if you are going to use that Dell or Lenovo computer.

Windows is less secure because the user base is less educated, less knowledgeable, and trained to click 'Okay' as standard procedure to use their computer like a trained monkey! So when a important box pops up, people don't read them! They just blindly click 'Okay'. Bill Gates apparently never heard the 'cry wolf' story.

Reply
ohim

First, people don't usually 'Choose' Windows. It is what every computer Dell sells, it is what you get if you don't buy an Apple computer. Does Lenovo offer OS X? So it is not a 'choice'. It is ironic that you have to buy an Apple computer to have a choice, between Windows or OS X.

Keep telling yourself that Windows is more 'popular', the reality is it is simply necessary if you are going to use that Dell or Lenovo computer.

Windows is less secure because the user base is less educated, less knowledgeable, and trained to click 'Okay' as standard procedure to use their computer like a trained monkey! So when a important box pops up, people don't read them! They just blindly click 'Okay'. Bill Gates apparently never heard the 'cry wolf' story.

You are a special breed no ? Do you even hear what comes out of your mouth (well.. finger tips) ?
Reply
rluker5

First, people don't usually 'Choose' Windows. It is what every computer Dell sells, it is what you get if you don't buy an Apple computer. Does Lenovo offer OS X? So it is not a 'choice'. It is ironic that you have to buy an Apple computer to have a choice, between Windows or OS X.

Keep telling yourself that Windows is more 'popular', the reality is it is simply necessary if you are going to use that Dell or Lenovo computer.

Windows is less secure because the user base is less educated, less knowledgeable, and trained to click 'Okay' as standard procedure to use their computer like a trained monkey! So when a important box pops up, people don't read them! They just blindly click 'Okay'. Bill Gates apparently never heard the 'cry wolf' story.

Apple is responsible for osx not being available on those computers. With non-apple products users have the choice of switching to Linux or dual booting with it, but because so few do, manufacturers and retailers don't offer it often since they want to make their products as likely to sell as possible. And while it is true that there are less educated users among all os's, the most educated can use them all. It is Apple that has the consumption (IE tv) oriented ecosystem and corresponding userbase.

Reply
mortsmi7

iSharted said:
First, people don't usually 'Choose' Windows. It is what every computer Dell sells, it is what you get if you don't buy an Apple computer. Does Lenovo offer OS X? So it is not a 'choice'. It is ironic that you have to buy an Apple computer to have a choice, between Windows or OS X.

Keep telling yourself that Windows is more 'popular', the reality is it is simply necessary if you are going to use that Dell or Lenovo computer.

Windows is less secure because the user base is less educated, less knowledgeable, and trained to click 'Okay' as standard procedure to use their computer like a trained monkey! So when a important box pops up, people don't read them! They just blindly click 'Okay'. Bill Gates apparently never heard the 'cry wolf' story.

Reply
Grandmastersexsay

Do Apple users really think they are better educated than Windows users? Apple's operating systems are the most dumbed down and locked down software out there. They don't even think you are capable of changing your own battery. One mouse button? They market to idiots. Apple thinks you are retarded, and for the most part, they are right.
Reply
Vlad Rose

Wow, Mac is sooo secure compared to Windows as the fans try to tell you. It only takes them 6 months to fix a major security hole... lol
Reply
Marshall Honorof

While I don't think six months is an acceptable timetable for patching a flaw of this magnitude, I also don't think this issue really says much about the Windows/Mac debate in general. Both systems have enormous user bases, and as such, both are attractive targets for cybercriminals. As such, neither one is going to be totally safe, and users must protect themselves as best they can.
Reply

Show more comments

Sign up to get the BEST of Tom's Guide direct to your inbox.