Yosemite 10.11 Download

  

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.

  • Answer: Magic Mouse 2 is the currently available rechargeable mouse from Apple. It won’t work unless you have Bluetooth & turn it on in System Preferences. Or, if your computer lacks bluetooth, you could buy & install an external USB dongle from a non-Apple vendor.
  • Apple has finally released OS X 10.10.1 Yosemite for Mac users, and the update predictably addresses all those painful Wi-Fi bugs that some users have been facing for a while. Apple also released iOS 8.1.1 download for its mobile devices alongside the Yosemite update.

MacOS Sierra 10.12 (Direct DMG download link) OS X El Capitan 10.11 (Direct dmg download link) OS X Yosemite 10.10 (Direct download link) Mac OS X Mountain Lion 10.8. The OS X Yosemite 10.10.5 update improves the stability, compatibility, and security of your Mac, and is recommended for all users. This update: Improves compatibility with certain email servers when using Mail. Fixes an issue in Photos that prevented importing videos from GoPro cameras.

Mac Os 10.10 Yosemite Download

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other security updates, see Apple security updates.

OS X El Capitan 10.11.1, Security Update 2015-004 Yosemite, and Security Update 2015-007 Mavericks

  • Accelerate Framework

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking.

    CVE-ID

    CVE-2015-5940 : Apple

  • apache_mod_php

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: Multiple vulnerabilities in PHP

    Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.29 and 5.4.45. These were addressed by updating PHP to versions 5.5.29 and 5.4.45.

    CVE-ID

    CVE-2015-0235

    CVE-2015-0273

    CVE-2015-6834

    CVE-2015-6835

    CVE-2015-6836

    CVE-2015-6837

    CVE-2015-6838

  • ATS

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: Visiting a maliciously crafted webpage may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue existed in ATS. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-6985 : John Villamil (@day6reak), Yahoo Pentest Team

  • Audio

    Available for: OS X El Capitan 10.11

    Impact: A malicious application may be able to execute arbitrary code

    Description: An uninitialized memory issue existed in coreaudiod. This issue was addressed through improved memory initialization.

    CVE-ID

    CVE-2015-7003 : Mark Brand of Google Project Zero

  • Audio

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: Playing a malicious audio file may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the handling of audio files. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2015-5933 : Apple

    CVE-2015-5934 : Apple

  • Bom

    Available for: OS X El Capitan 10.11

    Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

    Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata.

    CVE-ID

    CVE-2015-7006 : Mark Dowd of Azimuth Security

  • CFNetwork

    Available for: OS X El Capitan 10.11

    Impact: Visiting a maliciously crafted website may lead to cookies being overwritten

    Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing.

    CVE-ID

    CVE-2015-7023 : Marvin Scholz and Michael Lutonsky; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC

  • configd

    Available for: OS X El Capitan 10.11

    Impact: A malicious application may be able to elevate privileges

    Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients.

    CVE-ID

    CVE-2015-7015 : PanguTeam

  • CoreGraphics

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in CoreGraphics. These issues were addressed through improved memory handling.

    CVE-ID

    CVE-2015-5925 : Apple

    CVE-2015-5926 : Apple

  • CoreText

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team

  • CoreText

    Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11

    Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team

Yosemite 10.11 Download
  • CoreText

    Available for: OS X El Capitan 10.11

    Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team

  • CoreText

    Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5

    Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2015-5944 : John Villamil (@day6reak), Yahoo Pentest Team

  • Directory Utility

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: A local user may be able to execute arbitrary code with root privileges

    Description: An authentication issue existed during the establishment of new sessions. This issue was addressed through improved authorization checks.

    CVE-ID

    CVE-2015-6980 : Michael of Westside Community Schools

  • Disk Images

    Available for: OS X El Capitan 10.11

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A memory corruption issue existed in the parsing of disk images. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-6995 : Ian Beer of Google Project Zero

  • EFI

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: An attacker can exercise unused EFI functions

    Description: An issue existed with EFI argument handling. This was addressed by removing the affected functions.

    CVE-ID

    CVE-2014-4860 : Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of The MITRE Corporation, coordinated via CERT

    Entry updated June 30, 2017

  • File Bookmark

    Available for: OS X El Capitan 10.11

    Impact: Browsing to a folder with malformed bookmarks may cause unexpected application termination

    Description: An input validation issue existed in parsing bookmark metadata. This issue was addressed through improved validation checks.

    CVE-ID

    CVE-2015-6987 : Luca Todesco (@qwertyoruiop)

  • FontParser

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2015-5927 : Apple

    CVE-2015-5942

    CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero Day Initiative

    CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team

  • FontParser

    Available for: OS X El Capitan 10.11

    Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the handling of font files. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team

    CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team

  • Grand Central Dispatch

    Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11

    Impact: Processing a maliciously crafted package may lead to arbitrary code execution

    Description: A memory corruption issue existed in the handling of dispatch calls. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-6989 : Apple

  • Graphics Drivers

    Available for: OS X El Capitan 10.11

    Impact: A local user may be able to cause unexpected system termination or read kernel memory

    Description: Multiple out of bounds read issues existed in the NVIDIA graphics driver. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2015-7019 : Ian Beer of Google Project Zero

    CVE-2015-7020 : Moony Li of Trend Micro

  • Graphics Drivers

    Available for: OS X El Capitan 10.11

    Impact: A local user may be able to execute arbitrary code with kernel privileges

    Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-7021 : Moony Li of Trend Micro

  • ImageIO

    Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5

    Impact: Processing a maliciously crafted image file may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues were addressed through improved metadata validation.

    CVE-ID

    CVE-2015-5935 : Apple

    CVE-2015-5938 : Apple

  • ImageIO

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: Processing a maliciously crafted image file may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the parsing of image metadata. These issues were addressed through improved metadata validation.

    CVE-ID

    CVE-2015-5936 : Apple

    CVE-2015-5937 : Apple

    CVE-2015-5939 : Apple

  • IOAcceleratorFamily

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: A malicious application may be able to execute arbitrary code with system privileges

    Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-6996 : Ian Beer of Google Project Zero

  • IOHIDFamily

    Available for: OS X El Capitan 10.11

    Impact: A malicious application may be able to execute arbitrary code with kernel privileges

    Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-6974 : Luca Todesco (@qwertyoruiop)

  • Kernel

    Available for: OS X Yosemite v10.10.5

    Impact: A local user may be able to execute arbitrary code with system privileges

    Description: A type confusion issue existed in the validation of Mach tasks. This issue was addressed through improved Mach task validation.

    CVE-ID

    CVE-2015-5932 : Luca Todesco (@qwertyoruiop), Filippo Bigarella

  • Kernel

    Available for: OS X El Capitan 10.11

    Impact: An attacker with a privileged network position may be able to execute arbitrary code

    Description: An uninitialized memory issue existed in the kernel. This issue was addressed through improved memory initialization.

    CVE-ID

    CVE-2015-6988 : The Brainy Code Scanner (m00nbsd)

  • Kernel

    Available for: OS X El Capitan 10.11

    Impact: A local application may be able to cause a denial of service

    Description: An issue existed when reusing virtual memory. This issue was addressed through improved validation.

    CVE-ID

    CVE-2015-6994 : Mark Mentovai of Google Inc.

  • libarchive

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: A malicious application may be able to overwrite arbitrary files

    Description: An issue existed within the path validation logic for symlinks. This issue was addressed through improved path sanitization.

    CVE-ID

    CVE-2015-6984 : Christopher Crone of Infinit, Jonathan Schleifer

  • MCX Application Restrictions

    Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11

    Impact: A developer-signed executable may acquire restricted entitlements

    Description: An entitlement validation issue existed in Managed Configuration. A developer-signed app could bypass restrictions on use of restricted entitlements and elevate privileges. This issue was addressed through improved provisioning profile validation.

    CVE-ID

    CVE-2015-7016 : Apple

  • mDNSResponder

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11

    Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

    Description: Multiple memory corruption issues existed in DNS data parsing. These issues were addressed through improved bounds checking.

    CVE-ID

    CVE-2015-7987 : Alexandre Helie

  • mDNSResponder

    Available for: OS X El Capitan v10.11

    Impact: A local application may be able to cause a denial of service

    Description: A null pointer dereference issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-7988 : Alexandre Helie

Download Yosemite Dmg File

  • Net-SNMP

    Available for: OS X El Capitan 10.11

    Impact: An attacker in a privileged network position may be able to cause a denial of service

    Description: Multiple issues existed in netsnmp version 5.6. These issues were addressed by using patches affecting OS X from upstream.

    CVE-ID

    CVE-2012-6151

    CVE-2014-3565

Os x yosemite dmg
  • OpenGL

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

    Description: A memory corruption issue existed in OpenGL. This issue was addressed through improved memory handling.

    CVE-ID

    CVE-2015-5924 : Apple

  • OpenSSH

    Available for: OS X El Capitan 10.11

    Impact: A local user may be able to conduct impersonation attacks

    Description: A privilege separation issue existed in PAM support. This issue was addressed with improved authorization checks.

    CVE-ID

    CVE-2015-6563 : Moritz Jodeit of Blue Frost Security GmbH

  • Sandbox

    Available for: OS X El Capitan 10.11

    Impact: A local user may be able to execute arbitrary code with kernel privileges

    Description: An input validation issue existed when handling NVRAM parameters. This issue was addressed through improved validation.

    CVE-ID

    CVE-2015-5945 : Rich Trouton (@rtrouton), Howard Hughes Medical Institute, Apple

  • Script Editor

    Available for: OS X El Capitan 10.11

    Impact: An attacker may trick a user into running arbitrary AppleScript

    Description: In some circumstances, Script Editor did not ask for user confirmation before executing AppleScripts. This issue was addressed by prompting for user confirmation before executing AppleScripts.

    CVE-ID

    CVE-2015-7007 : Joe Vennix

  • Security

    Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan 10.11

    Impact: An Apple-signed binary could be used to load arbitrary files

    Description: Certain Apple-signed executables loaded applications from relative locations. This was addressed through additional checks in Gatekeeper.

    CVE-ID

    CVE-2015-7024 : Patrick Wardle of Synack

  • Security

    Available for: OS X El Capitan 10.11

    Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution

    Description: Multiple memory corruption issues existed in the ASN.1 decoder. These issues were addressed through improved input validation.

    CVE-ID

    CVE-2015-7059 : David Keeler of Mozilla

    CVE-2015-7060 : Tyson Smith of Mozilla

    CVE-2015-7061 : Ryan Sleevi of Google

  • Security

    Available for: OS X El Capitan 10.11

    Impact: A malicious application may be able to overwrite arbitrary files

    Description: A double free issue existed in the handling of AtomicBufferedFile descriptors. This issue was addressed through improved validation of AtomicBufferedFile descriptors.

    CVE-ID

    CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey Ulanov from the Chrome Team

  • SecurityAgent

    Available for: OS X El Capitan 10.11

    Impact: A malicious application can programmatically control keychain access prompts

    Description: A method existed for applications to create synthetic clicks on keychain prompts. This was addressed by disabling synthetic clicks for keychain access windows.

    CVE-ID

    CVE-2015-5943

OS X El Capitan v10.11.1 includes the security content of Safari 9.0.1.

Security Update 2015-004 and 2015-007 is recommended for all users and improves the security of OS X.

Os X Yosemite 10.11 Download

Firefox version 78 is the last supported Firefox version for Mac users of OS X 10.9 Mavericks, OS X 10.10 Yosemite and OS X 10.11 El Capitan. These users will be moved to the Firefox Extended Support Release (ESR) channel by an application update. This will provide security updates until the next ESR update in July 2021, after which the affected users will no longer receive security updates.

While Apple does not have a public policy governing security updates for older OS X releases, their ongoing practice has been to support the most recent three releases. The last security update applicable to OS X 10.11 was made available in July 2018. Unsupported operating systems do not receive security updates, have known exploits and can be dangerous to use, which makes it difficult to maintain Firefox on those versions.

Yosemite 10.11 Download

Up until July 2021, we will be updating affected users with critical security updates through the Firefox ESR channel to help retain the best possible security. After this, no security updates will be provided.

Yosemite 10.11 Download Free

If you want to keep your Firefox version up to date, you will need to upgrade your operating system to macOS 10.12 or higher. Older versions that are not supported by Apple are unreliable and unsafe to use, which also makes it difficult to maintain Firefox on those versions.