-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-11-17-2 OS X Yosemite 10.10.1 OS X 10.10.1 is now available and addresses the following: CFNetwork Available for: OS X Yosemite v10.10 Impact: Website cache may not be fully cleared after leaving private browsing Description: A privacy issue existed where browsing data could remain in the cache after leaving private browsing. This issue was addressed through a change in caching behavior. CVE-ID CVE-2014-4460 Spotlight Available for: OS X Yosemite v10.10 Impact: Unnecessary information is included as part of the initial connection between Spotlight or Safari and the Spotlight Suggestions servers Description: The initial connection made by Spotlight or Safari to the Spotlight Suggestions servers included a user's approximate location before a user entered a query. This issue was addressed by removing this information from the initial connection and only sending the user's approximate location as part of queries. CVE-ID CVE-2014-4453 : Ashkan Soltani System Profiler About This Mac Available for: OS X Yosemite v10.10 Impact: Unnecessary information is included as part of a connection to Apple to determine the system model Description: The request made by About This Mac to determine the model of the system and direct users to the correct help resources included unnecessary cookies. This issue was addressed by removing cookies from the connection. CVE-ID CVE-2014-4458 : Landon Fuller of Plausible Labs WebKit Available for: OS X Yosemite v10.10 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use after free issue existed in the handling of page objects. This issue was addressed through improved memory management. CVE-ID CVE-2014-4459 OS X Yosemite 10.10.1 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJUadzaAAoJEBcWfLTuOo7t+NEQAJ9Ol8jEbJjK9gX2vepXSgB/ l4xfQIoD0dC5vGKquE+HJS0zH7sdmd9mK+Th439fy4z2PtjulQIKXDdP60CFsZcQ oj7XU1TmWvZjCqWsr90fA61mIWsX9WjfbwKaN55ioLF2NOXBA1+AevqsosN/kj9m OcfGnIhaAOmFtlveKywSwwep0TGMXMHmi7NjScdlJRdu1GQAlpkq0iqkMjzueoPI zgZuC3xopuqMtaf686cAcgVo0FM8gX3Gj55MhDDy2bkl4/dj1+N5KBnaZGGQEaww 9FNtK0OUBzG9qpBRDMbuAihGn4FzhZa3/DIAjfr6t2h1xV5SSjH93wGbCl7Yp8jE +Gi82WRf3DJ60ztGRvQZkiBpkC0pMretdBHXRAiSTWwiRuRYghENmY9vDWHthj3z 8HZWHxbcGLsDQQKUFzO4+v60LKs/LQ92nTNhuQyMeh4Jse3Qg8lUknthSEsw1UXd GqOKlvKOEQP5JXir6VzjgppYThBAVKnCbzVXcxLUGgVxmk9L/HDhbnxS3rd2U4M0 vAxgBt8/8sjDEdO7IM6AtmBlSGQrxQ4trkG3vmw75RVgwWvFQ1J7b588qtFiVu/N KRTp3qMKRkZiakkinyZEv6zj6AKKa1CohlorI7tiD0rlOYbw1+n2gHi+1ahreO6f VT75kTNto2qPitQC9I+6 =9Emx -----END PGP SIGNATURE-----