Apple has released the latest version of OS X Yosemite (v10.10.2) and the first security update (2015-001) for this year, and among the problems fixed is one affecting the CPU software, allowing malicious Thunderbolt devices to modify the host firmware if connected during an EFI update.
The security vulnerability has been dubbed Thunderstrike by researcher Trammell Hudson, who discovered it and created a proof-of-concept, persistent bootkit that can exploit it.
The three zero-day vulnerabilities recently disclosed by Google have also been patched with this update, as have a number of others flagged by the same researcher – Ian Beer of Google Project Zero.
The security update also includes patches for many critical issues affecting OS X Mavericks (10.9.5) and OS X Mountain Lion (10.8.5), and all OS X users are advised to install the security update or the latest Yosemite version. OS X Yosemite 10.10.2 includes the security content of Safari 8.0.3.
For more details about the patched security and privacy vulnerabilities go here. The new version also includes many other functional improvements, including those solving some persistent Wi-Fi problems.