what a timely patch fix
A root backdoor in an unpublished API. Discovered last October. Only patched this week.
Let's apply some 2000-year old critical thinking to this unpublished root backdoor API thing: Cui bono?
Having said that, Yosemite is totally secure now after this latest patch blob. No more unpublished API root backdoors.
Translation: the new one hasn't been found yet.