In August of last year Apple addressed an OpenSSH vulnerability (CVE-2015-5600) 
with “Security Update 2015-006” (https://support.apple.com/en-us/HT205031). 
Although the update ran on both Mavericks and Yosemite, OpenSSH was only 
patched for 10.10.x. At that time IST was sending out SNS alerts for OS X 
machines that had Remote Login enabled; the solution was to disable SSH on 
machines earlier than 10.10, run the patch on Yosemite, or later to update to 
El Capitan when it was qualified. This is likely what led to security’s 
decision to sunset support for OS X 10.9 Mavericks.

While this week’s release of “Security Update 2016-002” does include some 
Mavericks fixes (including some for OpenSSH), CVE-2015-5600 is still not 
patched in OS X 10.9.5, so it can still be accurately described as an 
“operating system(s) with vulnerabilities that are not patched by Apple…”.

Bummer.

-david




> On Mar 22, 2016, at 1:43 PM, Robert Lettieri <robe...@ssl.berkeley.edu> asked:
> 
> All—
> According to this:
> https://security.berkeley.edu/faq/isp-security-notices/operating-system-unsupported
> 
> Current list of Mac OS X versions receiving Security Updates from Apple (as 
> of Feb 1 2016):
> 
>       • Mac OS X 10.10 “Yosemite”
>       • Mac OS X 10.11 “El Capitan”
> 
> Apple released a security update yesterday for 10.9
> https://support.apple.com/en-us/HT201222
> 
> So does that mean that 10.9.5 is now a supported OS?
> 
> Robert

--
David Schwartz
schwa...@berkeley.edu

Campus Shared Services IT
To submit a service request, please go to
https://shared-services-help.berkeley.edu/
or call 664-9000, options 1, 4, 2


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from 
its mailing list and how to find out about upcoming meetings, please visit the 
Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the 
list's archives can be browsed and searched on the Internet.  This means these 
messages can be viewed by (among others) your bosses, prospective employers, 
and people who have known you in the past.

ANNOUNCEMENTS: To send announcements to the Micronet list, please use the 
micronet-annou...@lists.berkeley.edu list.
