Apple's Thursday launch of OS X Yosemite 10.10 includes fixes for more than 40 vulnerabilities, including a flaw known as POODLE, which can enable an attacker to decrypt data protected by SSL, and another known as Shellshock, or Bash bug, which can allow a remote attacker to execute arbitrary shell commands.
Among the other vulnerabilities being addressed in Yosemite 10.10 are a buffer overflow in QuickTime that can enable arbitrary code execution, two issues in Safari and one flaw in Bluetooth, as well as other bugs that can enable theft of WiFi credentials, denial-of-service and more.
For those who are not upgrading to Yosemite just yet, Apple released Security Update 2014-005 for OS X Mountain Lion and OS X Mavericks on Thursday, which also contains fixes for POODLE and Shellshock.