Apple has plugged a stream of vulnerabilities in its OS X Yosemite v10.10.4 operating system, some of which could be exploited by hackers to install malware on victims’ systems.
The OS X Yosemite update plugs over 70 security issues, some of which affect commonly used systems, such as graphics, Mail, Bluetooth, QuickTime and Spotlight.
Disturbingly, some of the bugs are remotely exploitable and “could lead to execution of arbitrary code,” which is computer speak for installing malware and bad software on the victim’s machine.
Others are more basic, and would let hackers bypass some security features, or mount denial of service and nuisance attacks, doing things like remotely shutting down applications or processes the user is running.
Apple famously doesn’t comment on security issues, claiming: “For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.”
This makes it difficult to know whether any of the bugs were targeted by hackers prior to the patch update, and at the time of publishing Apple had not responded to Business Insider’s request for comment.
Despite the lack of firm information on whether the flaws are being targeted, the patch has caused ripples in the security community.
Fraser Kyne, principal systems engineer at security firm Bromium, called for Apple users to install the updates as soon as they are able, arguing it is likely the flaws are being exploited.
“Some attackers will know about these vulnerabilities already, and many more have now been alerted to them and will therefore mount attacks on those who will take time to patch their machines,” he told Business Insider.
“Alerts like these should finally put to bed the naive concept that Macs are more secure than other platforms. All software is vulnerable, and the process of simply waiting for an exploit then trying to react to it before a disaster should be relegated to ‘how we used to do things’.”
The Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) mirrored Kyne’s sentiment, calling for Apple users to install the Mac OS X patches as soon as they are able.