Q: How can I upgrade my Mac OS X 10.5 8 to Snow Leopard for free? A: macOS 10.5.8 Snow Leopard is such a famous and classic operating system that Apple donated it the Internet Archive, from which you can download it for free. 8/10 (35 votes) - Download Yosemite Mac Free. Download Yosemite and update OS X to enjoy the operating system's new functions that make its features head towards a convergence with iPhone and iPad. The new version of the operating system for Apple computers has transformed itself to reduce its. Upgrading from one operating system to the another OS is another way of installing Windows or Mac operating system. In this article, you are going to learn that how to upgrade Mac OS Yosemite to El Capitan. Mac OS X El Capitan 10.11.4 is the latest released version of Mac operating system right now. Also, you will learn that what is an upgrade.
The OS received considerable praise for its new simplified user interface. The toolbars were also found to be much easier to use. The technical leaps that were made with Yosemite were critically acclaimed and many agreed that it would be hard to return to the preceding OS X Mavericks after trying out OS X Yosemite.
Update Mac Os X 10 5 8 To Yosemite 10.10
OS X Yosemite was criticized for its inconsistent network stability. Users also found out that the Finder feature did not allow them to look through the contents of certain folders. The Continuity feature was also not found to be completely spotless in its working.
The Mac OS X Yosemite 10.10 ISO varied from its successors with progressive highlights that pulled the working framework into radical development in the market. Here are a few highlights you should not miss in the event that you are a Mac OS client.
Overall, the sleek new user design and technical improvements made OS X Yosemite a formidable OS in its time.
Productive Features of Mac OS X Yosemite 10.10
Take a look at some of the new features and improved pre-existing ones that Mac OS X Yosemite has to offer:
- Handoff (Continuity)- This is a feature that will allow users to connect between their Mac and iOS devices. The Handoff feature should be enabled in both devices. Then, if the user performs an action on their iOS device, they will be able to continue it from exactly the same place on the Mac.
- Phone calls- Users will now be able to make phone calls on their Mac. It may take some time to get used to the fact that the Mac will start ringing when this feature is enabled. SMS text messages are now also viewable on the Mac.
- AirDrop- This was already introduced in iOS 7 but this is the first time that the Mac is getting an opportunity to implement its functionalities. Now, users will be able to share photos and videos between their devices easily once the feature has been enabled in their Mac.
- Markup Feature in Mail- If there is an attachment to be sent in the mail, it can be edited directly in the same Window. The user is also able to insert text and draw whatever they want.
- Spotlight- Users will now be able to get web results for their searches under Spotlight. They will also get directions to wherever they need to go from Apple Maps.
- Today- This is a new feature that has been introduced under the Notification Center. Today displays various pieces of information and updates to the users.
![Mac Mac](https://i1.wp.com/9to5mac.com/wp-content/uploads/sites/6/2015/06/el-capitan.png?resize=1600%2C1000&quality=82&strip=all&ssl=1)
Steps to download OS X Yosemite 10.10 ISO/DMG files
These are the steps that have to be followed to download OS X Yosemite:
Check if the model is compatible with OS X Yosemite 10.10
The user’s Mac has to be compatible with Mac OS X Yosemite 10.10 and Mac OS High Sierra. If this condition is not satisfied, the download will fail. The following models have been found to be compatible with OS X Yosemite:
- MacBook(2009 and onwards)
- Mac mini(2009 and onwards)
- Mac Pro(2008 and onwards)
- MacBook Air(2008 and onwards)
- Mac Pro(2008 and onwards)
- Mac Pro(2008 and onwards)
- MacBook Pro(2007 and onwards)
- iMac(2007 and onwards)
In order to download OS X Yosemite 10.10, the user’s Mac must have a minimum of 2 GB of memory and 8 GB of available storage space.
Backup the system before the download
The user can rest assured knowing that their important files will be properly backed up using Time Machine. An external storage device will have to be connected to the user’s Mac. This will act as the destination to which all the files on the Mac will be backed up to. The user can retrieve their files from this location whenever they may require them.
Ensure that the Mac has a strong Internet Connection
The Mac must have a strong Internet connection so that there are no unnecessary interruptions in the download process and it can be completed without any hitches.
Download OS X Yosemite 10.10
![Mac os x 10 free download Mac os x 10 free download](https://cdn.mos.cms.futurecdn.net/kSDToyEMvRmm4ceFzyANFf-1200-80.jpg)
The user can upgrade their OS using the App Store or download the OS using an online link.
Install the required installer
The downloaded file must be selected. There will be a file inside which contains the required installer. On opening it, the user will be able to start the installation process.
Start the installation process
The user should select the installer as mentioned previously so that the process may begin. The instructions that will be displayed should be followed carefully.
Wait for the installation to be completed
While the installation process takes place, the user should neither turn on the Sleep option nor close Mac’s lid. Once the process is complete, the user will be able to experience OS X Yosemite for themselves.
These are the steps that the user has to follow in order to obtain the ISO file:
After OS X Yosemite has been installed, its image file will be present inside Applications.
- The image file will have to be used in order to get the required ISO file.
For the following steps, the user will have to carefully enter the commands in the Terminal as even as a small mistake may result in errors:
- The installer image file should be mounted.
- The boot image should be converted into a sparse bundle.
- The capacity of the bundle should be increased so there will be space for all of the required packages.
- The bundle should now be mounted.
- The package link should be removed and replaced with the actual files.
- The installer image should be unmounted.
- The sparse bundle should be unmounted.
- The partition in the bundle should be resized so that unnecessary free space is removed.
- The bundle should be converted into an ISO master.
- The sparse bundle should be removed.
- The ISO should be renamed and brought to the Desktop.
Download Mac OS X Yosemite 10.10 ISO / DMG Files
If you have any doubts about the information that we have provided, please feel free to reach out to us in the comments box below and we will do our best to get back to you with the answers you need.
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other security updates, see Apple security updates.
OS X Yosemite v10.10.4 and Security Update 2015-005
- Admin FrameworkAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: A process may gain admin privileges without proper authenticationDescription: An issue existed when checking XPC entitlements. This issue was addressed through improved entitlement checking.CVE-IDCVE-2015-3671 : Emil Kvarnhammar at TrueSec
- Admin FrameworkAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: A non-admin user may obtain admin rightsDescription: An issue existed in the handling of user authentication. This issue was addressed through improved error checking.CVE-IDCVE-2015-3672 : Emil Kvarnhammar at TrueSec
- Admin FrameworkAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: An attacker may abuse Directory Utility to gain root privilegesDescription: Directory Utility was able to be moved and modified to achieve code execution within an entitled process. This issue was addressed by limiting the disk location that writeconfig clients may be executed from.CVE-IDCVE-2015-3673 : Patrick Wardle of Synack, Emil Kvarnhammar at TrueSec
- afpserverAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code executionDescription: A memory corruption issue existed in the AFP server. This issue was addressed through improved memory handling.CVE-IDCVE-2015-3674 : Dean Jerkovich of NCC Group
- apacheAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: An attacker may be able to access directories that are protected with HTTP authentication without knowing the correct credentialsDescription: The default Apache configuration did not include mod_hfs_apple. If Apache was manually enabled and the configuration was not changed, some files that should not be accessible might have been accessible using a specially crafted URL. This issue was addressed by enabling mod_hfs_apple.CVE-IDCVE-2015-3675 : Apple
- apacheAvailable for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: Multiple vulnerabilities exist in PHP, the most serious of which may lead to arbitrary code executionDescription: Multiple vulnerabilities existed in PHP versions prior to 5.5.24 and 5.4.40. These were addressed by updating PHP to versions 5.5.24 and 5.4.40.CVE-IDCVE-2015-0235CVE-2015-0273
- AppleGraphicsControlAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: A malicious application may be able to determine kernel memory layoutDescription: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking.CVE-IDCVE-2015-3676 : Chen Liang of KEEN Team
- AppleFSCompressionAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: A malicious application may be able to determine kernel memory layoutDescription: An issue existed in LZVN compression that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling.CVE-IDCVE-2015-3677 : an anonymous researcher working with HP's Zero Day Initiative
- AppleThunderboltEDMServiceAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: A malicious application may be able to execute arbitrary code with system privileges Office for mac 3 user license.Description: A memory corruption issue existed in the handling of certain Thunderbolt commands from local processes. This issue was addressed through improved memory handling.CVE-IDCVE-2015-3678 : Apple
- ATSAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code executionDescription: Multiple memory corruption issues existed in handling of certain fonts. These issues were addressed through improved memory handling.CVE-IDCVE-2015-3679 : Pawel Wylecial working with HP's Zero Day InitiativeCVE-2015-3680 : Pawel Wylecial working with HP's Zero Day InitiativeCVE-2015-3681 : John Villamil (@day6reak), Yahoo Pentest TeamCVE-2015-3682 : 魏诺德
- BluetoothAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: A malicious application may be able to execute arbitrary code with system privilegesDescription: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling.CVE-IDCVE-2015-3683 : Roberto Paleari and Aristide Fattori of Emaze Networks
- Certificate Trust PolicyAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: An attacker with a privileged network position may be able to intercept network trafficDescription: An intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to trust only a subset of certificates issued prior to the mis-issuance of the intermediate. You can learn more about the security partial trust allow list.
- Certificate Trust PolicyAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Description: The certificate trust policy was updated. The complete list of certificates may be viewed at the OS X Trust Store.
- CFNetwork HTTPAuthenticationAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: Following a maliciously crafted URL may lead to arbitrary code execution Crazy justice mac os.Description: A memory corruption issue existed in handling of certain URL credentials. This issue was addressed through improved memory handling.CVE-IDCVE-2015-3684 : Apple
- CoreTextAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: Processing a maliciously crafted text file may lead to an unexpected application termination or arbitrary code executionDescription: Multiple memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking.CVE-IDCVE-2015-1157CVE-2015-3685 : AppleCVE-2015-3686 : John Villamil (@day6reak), Yahoo Pentest TeamCVE-2015-3687 : John Villamil (@day6reak), Yahoo Pentest TeamCVE-2015-3688 : John Villamil (@day6reak), Yahoo Pentest TeamCVE-2015-3689 : Apple
- coreTLSAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: An attacker with a privileged network position may intercept SSL/TLS connectionsDescription: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits.CVE-IDCVE-2015-4000 : The weakdh team at weakdh.org, Hanno Boeck
- DiskImagesAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: A malicious application may be able to determine kernel memory layoutDescription: An information disclosure issue existed in the processing of disk images. This issue was addressed through improved memory management.CVE-IDCVE-2015-3690 : Peter Rutenbar working with HP's Zero Day Initiative
- Display DriversAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: A malicious application may be able to execute arbitrary code with system privilegesDescription: An issue existed in the Monitor Control Command Set kernel extension by which a userland process could control the value of a function pointer within the kernel. The issue was addressed by removing the affected interface.CVE-IDCVE-2015-3691 : Roberto Paleari and Aristide Fattori of Emaze Networks
- EFIAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: A malicious application with root privileges may be able to modify EFI flash memoryDescription: An insufficient locking issue existed with EFI flash when resuming from sleep states. This issue was addressed through improved locking.CVE-IDCVE-2015-3692 : Trammell Hudson of Two Sigma Investments, Xeno Kovah and Corey Kallenberg of LegbaCore LLC, Pedro Vilaça
- EFIAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: A malicious application may induce memory corruption to escalate privilegesDescription: A disturbance error, also known as Rowhammer, exists with some DDR3 RAM that could have led to memory corruption. This issue was mitigated by increasing memory refresh rates.CVE-IDCVE-2015-3693 : Mark Seaborn and Thomas Dullien of Google, working from original research by Yoongu Kim et al (2014)
- FontParserAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code executionDescription: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.CVE-IDCVE-2015-3694 : John Villamil (@day6reak), Yahoo Pentest Team
- Graphics DriverAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: A malicious application may be able to execute arbitrary code with system privilegesDescription: An out of bounds write issue existed in NVIDIA graphics driver. This issue was addressed through improved bounds checking.CVE-IDCVE-2015-3712 : Ian Beer of Google Project Zero
- Intel Graphics DriverAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: Multiple buffer overflow issues exist in the Intel graphics driver, the most serious of which may lead to arbitrary code execution with system privilegesDescription: Multiple buffer overflow issues existed in the Intel graphics driver. These were addressed through additional bounds checks.CVE-IDCVE-2015-3695 : Ian Beer of Google Project ZeroCVE-2015-3696 : Ian Beer of Google Project ZeroCVE-2015-3697 : Ian Beer of Google Project ZeroCVE-2015-3698 : Ian Beer of Google Project ZeroCVE-2015-3699 : Ian Beer of Google Project ZeroCVE-2015-3700 : Ian Beer of Google Project ZeroCVE-2015-3701 : Ian Beer of Google Project ZeroCVE-2015-3702 : KEEN Team
- ImageIOAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: Multiple vulnerabilities existed in libtiff, the most serious of which may lead to arbitrary code executionDescription: Multiple vulnerabilities existed in libtiff versions prior to 4.0.4. They were addressed by updating libtiff to version 4.0.4.CVE-IDCVE-2014-8127CVE-2014-8128CVE-2014-8129CVE-2014-8130
- ImageIOAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: Processing a maliciously crafted .tiff file may lead to an unexpected application termination or arbitrary code executionDescription: A memory corruption issue existed in the processing of .tiff files. This issue was addressed through improved bounds checking.CVE-IDCVE-2015-3703 : Apple
- Install Framework LegacyAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: A malicious application may be able to execute arbitrary code with system privilegesDescription: Several issues existed in how Install.framework's 'runner' setuid binary dropped privileges. This was addressed by properly dropping privileges.CVE-IDCVE-2015-3704 : Ian Beer of Google Project Zero
- IOAcceleratorFamily
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple memory corruption issues existed in IOAcceleratorFamily. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3705 : KEEN Team
CVE-2015-3706 : KEEN Team - IOFireWireFamily
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple null pointer dereference issues existed in the FireWire driver. These issues were addressed through improved error checking.
CVE-ID
CVE-2015-3707 : Roberto Paleari and Aristide Fattori of Emaze Networks
- Kernel
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel memory layout
Description: A memory management issue existed in the handling of APIs related to kernel extensions which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management.
CVE-ID
CVE-2015-3720 : Stefan Esser
- Kernel
Available for: OS X Yosemite v10.10 to v10.10.3
Impact: A malicious application may be able to determine kernel memory layout
Description: A memory management issue existed in the handling of HFS parameters which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management.
CVE-ID
CVE-2015-3721 : Ian Beer of Google Project Zero
- kext toolsAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: A malicious application may be able to overwrite arbitrary filesDescription: kextd followed symbolic links while creating a new file. This issue was addressed through improved handling of symbolic links.CVE-IDCVE-2015-3708 : Ian Beer of Google Project Zero
- kext toolsAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: A local user may be able to load unsigned kernel extensionsDescription: A time-of-check time-of-use (TOCTOU) race condition condition existed while validating the paths of kernel extensions. This issue was addressed through improved checks to validate the path of the kernel extensions.CVE-IDCVE-2015-3709 : Ian Beer of Google Project Zero
- MailAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: A maliciously crafted email can replace the message content with an arbitrary webpage when the message is viewedDescription: An issue existed in the support for HTML email which allowed message content to be refreshed with an arbitrary webpage. The issue was addressed through restricted support for HTML content.CVE-IDCVE-2015-3710 : Aaron Sigel of vtty.com, Jan Souček
- ntfsAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: A malicious application may be able to determine kernel memory layoutDescription: An issue existed in NTFS that could have led to the disclosure of kernel memory content. This issue was addressed through improved memory handling.CVE-IDCVE-2015-3711 : Peter Rutenbar working with HP's Zero Day Initiative
- ntpAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: An attacker in a privileged position may be able to perform a denial of service attack against two ntp clientsDescription: Multiple issues existed in the authentication of ntp packets being received by configured end-points. These issues were addressed through improved connection state management.CVE-IDCVE-2015-1798CVE-2015-1799
- OpenSSLAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: Multiple issues exist in OpenSSL, including one that may allow an attacker to intercept connections to a server that supports export-grade ciphersDescription: Multiple issues existed in OpenSSL 0.9.8zd which were addressed by updating OpenSSL to version 0.9.8zf.CVE-IDCVE-2015-0209CVE-2015-0286CVE-2015-0287CVE-2015-0288CVE-2015-0289CVE-2015-0293
- QuickTimeAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: Processing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code executionDescription: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling.CVE-IDCVE-2015-3661 : G. Geshev working with HP's Zero Day InitiativeCVE-2015-3662 : kdot working with HP's Zero Day InitiativeCVE-2015-3663 : kdot working with HP's Zero Day InitiativeCVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero Day InitiativeCVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai Lu of Fortinet's FortiGuard LabsCVE-2015-3668 : Kai Lu of Fortinet's FortiGuard LabsCVE-2015-3713 : Apple
- SecurityAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: A remote attacker may cause an unexpected application termination or arbitrary code executionDescription: An integer overflow existed in the Security framework code for parsing S/MIME e-mail and some other signed or encrypted objects. https://newlinebudget477.weebly.com/houdinis-castle-mac-os.html. This issue was addressed through improved validity checking.CVE-IDCVE-2013-1741
- SecurityAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: Tampered applications may not be prevented from launchingDescription: Apps using custom resource rules may have been susceptible to tampering that would not have invalidated the signature. This issue was addressed with improved resource validation.CVE-IDCVE-2015-3714 : Joshua Pitts of Leviathan Security Group
- SecurityAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: A malicious application may be able to bypass code signing checksDescription: An issue existed where code signing did not verify libraries loaded outside the application bundle. This issue was addressed with improved bundle verification.CVE-IDCVE-2015-3715 : Patrick Wardle of Synack
- SpotlightAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.3Impact: Searching for a malicious file with Spotlight may lead to command injectionDescription: A command injection vulnerability existed in the handling of filenames of photos added to the local photo library. This issue was addressed through improved input validation.CVE-IDCVE-2015-3716 : Apple
- SQLiteAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: A remote attacker may cause an unexpected application termination or arbitrary code executionDescription: Multiple buffer overflows existed in SQLite's printf implementation. These issues were addressed through improved bounds checking.CVE-IDCVE-2015-3717 : Peter Rutenbar working with HP's Zero Day Initiative
- SQLiteAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: A maliciously crafted SQL command may allow unexpected application termination or arbitrary code execution Artifactescape mac os.Description: An API issue existed in SQLite functionality. This was addressed through improved restrictions.CVE-IDCVE-2015-7036 : Peter Rutenbar working with HP's Zero Day Initiative
- System StatsAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: A malicious app may be able to compromise systemstatsdDescription: A type confusion issue existed in systemstatsd's handling of interprocess communication. By sending a maliciously formatted message to systemstatsd, it may have been possible to execute arbitrary code as the systemstatsd process. The issue was addressed through additional type checking.CVE-IDCVE-2015-3718 : Roberto Paleari and Aristide Fattori of Emaze Networks
- TrueTypeScalerAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code executionDescription: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.CVE-IDCVE-2015-3719 : John Villamil (@day6reak), Yahoo Pentest Team
- zipAvailable for: OS X Yosemite v10.10 to v10.10.3Impact: Extracting a maliciously crafted zip file using the unzip tool may lead to an unexpected application termination or arbitrary code executionDescription: Multiple memory corruption issues existed in the handling of zip files. These issues were addressed through improved memory handling.CVE-IDCVE-2014-8139CVE-2014-8140CVE-2014-8141
Update Mac Os X 10 5 8 To Yosemite High Sierra
OS X Yosemite v10.10.4 includes the security content of Safari 8.0.7.