Carnegie Mellon University
August 21, 2015

Security Alert: Mac OS X Yosemite (10.10.4 - 5) Vulnerable to Exploits

WHOM DOES THIS AFFECT?

Mac OS X Yosemite (10.10.4 - 5) Vulnerable to Exploits

SUMMARY

Critical threats were detected in the Yosemite OS X (versions 10.10.4 - 5) operating system. One of the methods attackers use to exploit the operating system is through untrusted applications from the web. Installing untrusted applications could allow attackers to gain access to the computer without using a password, allowing them to take full control. The Information Security Office (ISO) recommends that those using the Macintosh operating system enable the Gatekeeper feature (built into Yosemite) as a protective measure until Apple provides a software update to correct this issue.

Gatekeeper is an OS X feature that's been available since version 10.7. The service checks whether the application you're about to install is signed by Apple or another trusted developer and will prompt you if you'd like to download an application from the Apple app store.


WHAT YOU NEED TO DO

Enable Gatekeeper:

  1. Click the Apple icon on the menu bar.
  2. Click System Preferences > Security & Privacy.
    Note: You may need to click the Apple lock at the bottom of the dialog box to allow changes.
  3. Select the General tab and under "Allow apps downloaded from..." select "Mac App Store and Identified Developers."
    Note: This option is the default option.
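
The same check can be made from Terminal, which is useful for IT staff verifying several machines. The script below is an added example, not part of the original alert. It relies on the macOS spctl tool, and the script name gatekeeper_check.sh and the sample app path are assumptions.

```shell
#!/bin/sh
# Added example (not CMU's or Apple's code): audit Gatekeeper from Terminal.
# Hypothetical usage: sh gatekeeper_check.sh [--enable] [/path/to/Some.app]

# Classify the text printed by `spctl --status`.
# Prints: enabled | disabled | unknown
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo enabled ;;
        *"assessments disabled"*) echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# Classify the text printed by `spctl --assess --verbose --type execute APP`,
# whose first line reads "<path>: accepted" or "<path>: rejected".
assessment_verdict() {
    case "$1" in
        *": accepted"*) echo accepted ;;
        *": rejected"*) echo rejected ;;
        *)              echo unknown ;;
    esac
}

# The live checks run only where spctl exists (a Mac); elsewhere nothing happens.
if command -v spctl >/dev/null 2>&1; then
    state=$(gatekeeper_state "$(spctl --status 2>&1)")
    echo "Gatekeeper: $state"

    if [ "${1:-}" = "--enable" ]; then
        shift
        if [ "$state" != enabled ]; then
            # Turns Gatekeeper assessments back on; needs administrator rights.
            sudo spctl --master-enable
            state=$(gatekeeper_state "$(spctl --status 2>&1)")
            echo "Gatekeeper after enable: $state"
        fi
    fi

    if [ -n "${1:-}" ]; then
        # Ask Gatekeeper whether it would allow this app to run.
        out=$(spctl --assess --verbose --type execute "$1" 2>&1) || true
        echo "$1: $(assessment_verdict "$out")"
    fi

    # Non-zero exit lets a fleet audit flag machines that still need attention.
    [ "$state" = enabled ] || exit 1
fi
```

After enabling from Terminal, confirm in System Preferences > Security & Privacy that "Mac App Store and Identified Developers" is the selected option.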

IF you cannot enable Gatekeeper:

Contact your department's IT staff or the Computing Services Help Center (412-268-HELP or it-help@cmu.edu).

IF you suspect your computer was compromised:

  1. Disconnect your computer from the network IMMEDIATELY.
  2. Report the incident to the Information Security Office at iso-ir@andrew.cmu.edu.
    Note: Staff members who suspect compromised work computers must indicate whether sensitive information was stored on the computer upon contacting ISO.

CONTACT
Please direct any questions or comments to the Computing Services Help Center (412-268-HELP or it-help@cmu.edu) or to your departmental administrator or DSP consultant.