Apple released OS X 10.10.5 last week, fixing several bugs that developers had discovered and reported on the forums. But just a week later, security researchers revealed that OS X Yosemite, as well as OS X Mavericks, harbors bugs that allow an attacker to gain remote access to a Mac computer.
Italian developer Luca Todesco has revealed two vulnerabilities that, when combined in an attack, can corrupt the memory of the OS X kernel. The vulnerabilities affect OS X 10.10.5 and OS X 10.9.5. According to the developer, the attacker bypasses the system's kernel address space protections, defense techniques intended to stop malicious code, which allows the attacker to run the code and gain a root shell, i.e. root access.
Todesco posted all the information regarding his disclosure on the developer platform GitHub. He even added a fix to his note, which, while not official, is for now the only way to keep your Mac safe. Unfortunately, the developer did not mention how to avoid the problem, but one sure measure is not to visit untrusted websites.
However, it seems that the latest OS X El Capitan does not suffer from these flaws, as the developers were not able to run the malicious code on the latest system. Since Apple should release OS X 10.11 as early as this fall, it may happen that no patch for older systems will arrive; on the other hand, Apple almost always fixes security issues immediately with a quick fix.
It's like MiB. There is always some kind of threat, like an intergalactic plague, or an Arkvilian death ray :-) No system will ever be somehow attackable if it is connected to the network. In addition, there is no guarantee that we will not voluntarily install a backdoor into the system with a third-party repair :-)