CAUTION: IF YOU USE ANY SYSTEM MODS (TotalFinder, cDock, Liteicon, Yosemite Revert, etc. , anything using SIMBL), refrain from updating until you thoroughly understand the consequences or the developer has offered a workaround (if possible). Frankly, developers who are part of the Apple Developer Program have known for quite some time during the beta of 10.10.4 that Apple was integrating SIP (System Integrity Protection) aka 'rootless' administration, so developers should have had plenty of time to figure out if their app is effected and what to do. those that are finding out now their app is broken either weren't following what was going on, aren't registered with Apple, or maybe hoped Apple was going to change its mind about SIP (System Integrity Protection).
SIP is a security feature, on the whole, it actually makes sense. It's to prevent non-Apple programs from modifying operating system files, which is what malware and viruses do. From the very beginning of OSX, from 10.0.0 up to 10.10.3, an installer program was free to modify just about anything it wanted, once the user entered the password during install. (and the user was an admin, which just about everyone runs from an admin account). It's amazing there hasn't been more chaos and malware because of this ability.
The flip side of this is that many 'legit' programs that modify the system, also by definition, have to modify system files. Many of these programs (Totalfinder, cDock, anything using SIMBL) work by 'injection' , they actually find Apple code in memory and 'inject' themselves into it, or substitute themselves for it. From a app standpoint, even though it is intended and 'okay', 10.10.4 can't tell the difference between that and viral behavior. You can't judge intent, you can only go by behavior and what you see. 'Thou shalt not touch or attempt to modify the operating system in any way!"
Before you say all of this is unnecessary, Macs don't have malware, blah blah, hold off. Apple obviously sees the writing on the wall, as a community we have been lucky regards malware such as on the scale seen on Windows, but it's certainly possible. Up till now, once the user entered their password during an install (from an admin account), an installer could pretty much do whatever it wanted.
With SIP, Apple is just trying to get ahead of the curve. Now it's still required for a user to enter a password when installing, but now if the program is malicious, it will be locked out from messing around with the operating system files. Obviously people will be disappointed that some of their favorite hacks may not work anymore, but before we all dump on Apple, understand why Apple did this, and why something like SIP was really inevitable. Read the headlines, cyber space is getting more dangerous everyday....US and China about headed to war over cyber hacking. All the hacked software people get from torrents (Mac and Windows) is RIDDLED with malware.
It's possible Apple may eventually allow some kind of 'whitelist' that will let you define what apps can bypass SIP, but that will require that apps are signed, something a lot of mod programs and mod developers don't do, because 1), these apps are basically hacks, 2) getting Apple to issue a signed certificate to a developer of a hack is, shall we say, problematic.
Of course, SIP can be disabled, this is not the place to discuss it. Understand the consequences if you go that route, make an informed decision, weigh the pros and cons, and live with the consequences. If you are very careful about what you install, download, and trust the vendors, disabling SIP may not be a big deal.
Lastly, as I always like to say, if you aren't using virtualization, you are just being foolish (Parallels, Fusion, Virtualbox etc) I test all new software in a virtual machine, all updates, etc. Only when I'm comfortable do I then push the update/software to my every day 'get my work done' system. The folks that rush to install every latest update, etc, into their every day system and then complain stuff is broken, well, can't help you. If you don't want to use virtual machines, then get an external drive and make some extra boot partitions and test your software on those first. REally is no excuse. Hard disks are cheap