For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.
Where possible, CVE IDs are used to reference the vulnerabilities for further information.
To learn about other security updates, see Apple security updates.
apache_mod_php
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29, the most serious of which may have led to remote code execution. These were addressed by updating PHP to version 5.5.30.
CVE-ID
CVE-2015-7803
CVE-2015-7804
AppSandbox
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may maintain access to Contacts after having access revoked
Description: An issue existed in the sandbox's handling of hard links. This issue was addressed through improved hardening of the app sandbox.
CVE-ID
CVE-2015-7001 : Razvan Deaconescu and Mihai Bucicoiu of University POLITEHNICA of Bucharest; Luke Deshotels and William Enck of North Carolina State University; Lucas Vincenzo Davi and Ahmad-Reza Sadeghi of TU Darmstadt
Bluetooth
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in the Bluetooth HCI interface. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7108 : Ian Beer of Google Project Zero
CFNetwork HTTPProtocol
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: An attacker with a privileged network position may be able to bypass HSTS
Description: An input validation issue existed within URL processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-7094 : Tsubasa Iinuma (@llamakko_cafe) of Gehirn Inc. and Muneaki Nishimura (nishimunea)
Compression
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: An uninitialized memory access issue existed in zlib. This issue was addressed through improved memory initialization and additional validation of zlib streams.
CVE-ID
CVE-2015-7054 : j00ru
Configuration Profiles
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local attacker may be able to install a configuration profile without admin privileges
Description: An issue existed when installing configuration profiles. This issue was addressed through improved authorization checks.
CVE-ID
CVE-2015-7062 : David Mulder of Dell Software
CoreGraphics
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-7105 : John Villamil (@day6reak), Yahoo Pentest Team
CoreMedia Playback
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the processing of malformed media files. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7074 : Apple
CVE-2015-7075
Disk Images
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7110 : Ian Beer of Google Project Zero
EFI
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A path validation issue existed in the kernel loader. This was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7063 : Apple
File Bookmark
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A path validation issue existed in app scoped bookmarks. This was addressed through improved environment sanitization.
CVE-ID
CVE-2015-7071 : Apple
Hypervisor
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A use after free issue existed in the handling of VM objects. This issue was addressed through improved memory management.
CVE-ID
CVE-2015-7078 : Ian Beer of Google Project Zero
iBooks
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information
Description: An XML external entity reference issue existed with iBook parsing. This issue was addressed through improved parsing.
CVE-ID
CVE-2015-7081 : Behrouz Sadeghipour (@Nahamsec) and Patrik Fehrenbach (@ITSecurityguard)
ImageIO
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue existed in ImageIO. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7053 : Apple
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A null pointer dereference issue was addressed through improved input validation.
CVE-ID
CVE-2015-7076 : Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7106 : Ian Beer of Google Project Zero, Juwei Lin of TrendMicro, beist and ABH of BoB, and JeongHoon Shin@A.D.D
Intel Graphics Driver
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with system privileges
Description: An out of bounds memory access issue existed in the Intel Graphics Driver. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7077 : Ian Beer of Google Project Zero
IOAcceleratorFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7109 : Juwei Lin of TrendMicro
IOHIDFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple memory corruption issues existed in IOHIDFamily API. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7111 : beist and ABH of BoB
CVE-2015-7112 : Ian Beer of Google Project Zero
IOKit SCSI
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A null pointer dereference existed in the handling of a certain userclient type. This issue was addressed through improved validation.
CVE-ID
CVE-2015-7068 : Ian Beer of Google Project Zero
IOThunderboltFamily
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to cause a system denial of service
Description: A null pointer dereference existed in IOThunderboltFamily's handling of certain userclient types. This issue was addressed through improved validation of IOThunderboltFamily contexts.
CVE-ID
CVE-2015-7067 : Juwei Lin of TrendMicro
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local application may be able to cause a denial of service
Description: Multiple denial of service issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7040 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7041 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7042 : Lufeng Li of Qihoo 360 Vulcan Team
CVE-2015-7043 : Tarjei Mandt (@kernelpool)
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7083 : Ian Beer of Google Project Zero
CVE-2015-7084 : Ian Beer of Google Project Zero
Kernel
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: An issue existed in the parsing of mach messages. This issue was addressed through improved validation of mach messages.
CVE-ID
CVE-2015-7047 : Ian Beer of Google Project Zero
kext tools
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A validation issue existed during the loading of kernel extensions. This issue was addressed through additional verification.
CVE-ID
CVE-2015-7052 : Apple
Keychain Access
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may be able to masquerade as the Keychain Server.
Description: An issue existed in how Keychain Access interacted with Keychain Agent. This issue was resolved by removing legacy functionality.
CVE-ID
CVE-2015-7045 : Luyi Xing and XiaoFeng Wang of Indiana University Bloomington, Xiaolong Bai of Indiana University Bloomington and Tsinghua University, Tongxin Li of Peking University, Kai Chen of Indiana University Bloomington and Institute of Information Engineering, Xiaojing Liao of Georgia Institute of Technology, Shi-Min Hu of Tsinghua University, and Xinhui Han of Peking University
libarchive
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of archives. This issue was addressed through improved memory handling.
CVE-ID
CVE-2011-2895 : @practicalswift
libc
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Processing a maliciously crafted package may lead to arbitrary code execution
Description: Multiple buffer overflows existed in the C standard library. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-7038 : Brian D. Wells of E. W. Scripps, Narayan Subramanian of Symantec Corporation/Veritas LLC
CVE-2015-7039 : Maksymilian Arciemowicz (CXSECURITY.COM)
libexpat
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in expat
Description: Multiple vulnerabilities existed in expat versions prior to 2.1.0. These were addressed by updating expat to version 2.1.0.
CVE-ID
CVE-2012-0876 : Vincent Danen
CVE-2012-1147 : Kurt Seifried
CVE-2012-1148 : Kurt Seifried
libxml2
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1
Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7115 : Wei Lei and Liu Yang of Nanyang Technological University
CVE-2015-7116 : Wei Lei and Liu Yang of Nanyang Technological University
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in OpenGL. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-7064 : Apple
CVE-2015-7065 : Apple
CVE-2015-7066 : Tongbo Luo and Bo Qu of Palo Alto Networks
OpenLDAP
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A remote unauthenticated client may be able to cause a denial of service
Description: An input validation issue existed in OpenLDAP. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-6908
OpenSSH
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: Multiple vulnerabilities in LibreSSL
Description: Multiple vulnerabilities existed in LibreSSL versions prior to 2.1.8. These were addressed by updating LibreSSL to version 2.1.8.
CVE-ID
CVE-2015-5333
CVE-2015-5334
QuickLook
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1
Impact: Opening a maliciously crafted iWork file may lead to arbitrary code execution
Description: A memory corruption issue existed in the handling of iWork files. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7107
Sandbox
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application with root privileges may be able to bypass kernel address space layout randomization
Description: An insufficient privilege separation issue existed in xnu. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7046 : Apple
Security
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in handling SSL handshakes. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7073 : Benoit Foucher of ZeroC, Inc.
Security
Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: Multiple memory corruption issues existed in the ASN.1 decoder. These issues were addressed through improved input validation.
CVE-ID
CVE-2015-7059 : David Keeler of Mozilla
CVE-2015-7060 : Tyson Smith of Mozilla
CVE-2015-7061 : Ryan Sleevi of Google
Security
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application may gain access to a user's Keychain items
Description: An issue existed in the validation of access control lists for keychain items. This issue was addressed through improved access control list checks.
CVE-ID
CVE-2015-7058
System Integrity Protection
Available for: OS X El Capitan v10.11 and v10.11.1
Impact: A malicious application with root privileges may be able to execute arbitrary code with system privileges
Description: A privilege issue existed in handling union mounts. This issue was addressed by improved authorization checks.
CVE-ID
CVE-2015-7044 : MacDefender