SecureMac, Inc.

Shoring up your Mac’s Security in Yosemite

March 5, 2015

Anyone who’s used a Mac for any length of time knows that comfy, secure feeling you get when logging into OS X. It’s great. And best of all, it’s malware-free. Right?

Well, not exactly…

Apple recently rolled out its OS X Yosemite 10.10.2 update in tandem with Security Update 2015-001, delivering a number of important security features and patching vulnerabilities. But, in spite of several welcoming security additions, many experts (and even Google) remain concerned over outstanding privacy issues.

Before we look at those in more detail, let’s get overview of the update …

Shoring up your Mac’s Security in Yosemite

Anyone who’s used a Mac for any length of time knows that comfy, secure feeling you get when logging into OS X. It’s great. And best of all, it’s malware-free. Right?

Well, not exactly…

Apple recently rolled out its OS X Yosemite 10.10.2 update in tandem with Security Update 2015-001, delivering a number of important security features and patching vulnerabilities. But, in spite of several welcoming security additions, many experts (and even Google) remain concerned over outstanding privacy issues.

Before we look at those in more detail, let’s get overview of the update to understand the security measures implemented in this latest release.

Who’s this Mac OS X update for?

This latest update, which is the first one for 2015, is aptly titled “Security Update 2015-001.” This security update is available in the Mac App Store for users running OS X 10.8.5 and higher, and more information on the security content of the update can be found here.

Spotlight for Mac privacy loophole fix

Prior to this security update, Spotlight would load remote content from emails even when the setting was disabled in Mail’s preferences. Consequently, the sender of an email could determine the IP address of the recipient.

Also prior to the security update, a memory management issue in Spotlight was causing unexpected information to be saved to external hard drives. These two issues were solved through improved configuration checking and better memory management. Click here to see 10 privacy tips for Mac OS X

Thunderstrike for Mac security fix

Macs equipped with a Thunderbolt port are no longer susceptible to the so-called “Thunderstrike” hardware exploit, which allowed an attacker to modify a Mac’s host firmware when it was booted with a malicious Thunderbolt device attached.

More OS X bugs still being discovered…

In spite of these welcome fixes, many flaws and vulnerabilities are still being uncovered. Google’s Project Zero security team continues to uncover and disclose security vulnerabilities, oftentimes with accompanying proof-of-concept code, which can give attackers a head start when it comes to exploiting the bugs. Three security flaws uncovered and announced by Google’s Project Zero security team earlier this year were patched as part of Security Update 2015-001, and the team is undoubtedly hard at work tracking down further flaws.

The serious concerns over private browsing have continued, as well. The security and privacy researchers at SecureMac have long advised users to the risk of information leaks from web browsers, even when “private browsing” modes are utilized. For example, prior to the OS X 10.10.2 release, you probably thought that private browsing was secure. However, as highlighted in the patch notes (CVE-2014-4460), Apple realized that “a privacy issue existed where browsing data could remain in the cache after leaving private browsing.”

While that particular bug has been fixed, what other vulnerabilities remain that could compromise your privacy? And what apps are most vulnerable? Each new OS update or app brings potential vulnerabilities of its own, too.

That’s why MacScan is such a popular app. Because it works in tandem with security features such as those released in OS X Yosemite 10.10.2, shoring up the gaps, it ensures maximum privacy, avoids sensitive information being left accessible and safeguards weak spots in the OS that could leave you open to attack.

Want to see for yourself? Download the free trial here.

Get the latest security news and deals