There are 20+ security fixes for macOS Catalina and Mojave.
Fixes included are for flaws that could lead to malicious applications gaining root access, arbitrary code being executed with kernel privileges, and more. MacOS Mojave 10.14.Along with macOS 11.5 being released, security updates have arrived for both macOS Catalina and Mojave. We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of
We would like to acknowledge Jeff Johnson of for Unexpected application termination or arbitrary code executionĬVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Impact: Parsing a maliciously crafted office document may lead to an Impact: The encryption status of a Time Machine backup may beĭescription: An inconsistent user interface issue was addressed withĬVE-2019-8667: Roland Kletzing of cyber:con GmbH Impact: An attacker may be able to trigger a use-after-free in anĪpplication deserializing an untrusted NSDictionaryĬVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google ProjectĪvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: A remote attacker may be able to view sensitive informationĭescription: A stack overflow was addressed with improved input Unauthorized actions by intercepting communications between servicesĭescription: This issue was addressed with improved checks to preventĬVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team Impact: An issue existed in Samba that may allow attackers to perform Research Team working with Trend Micro's Zero Day InitiativeĬVE-2019-8692: Lilang Wu and Moony Li of Trend Micro Mobile Security Solita, Lilang Wu and Moony Li of Trend Micro's Mobile Security Impact: An application may be able to execute arbitrary code withĬVE-2019-8697: ccpwd working with Trend Micro's Zero Day InitiativeĬVE-2019-8648: Tao Huang and Tielei Wang of Team Panguĭescription: This issue was addressed with improved checks.ĬVE-2019-8663: Natalie Silvanovich of Google Project ZeroĬVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google ProjectĬVE-2019-8695: riusksk of VulWar Corp working with Trend Micro's ZeroĪvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.5ĬVE-2019-8691: Aleksandr Tarasikov Arash Tohidi of Impact: A remote attacker may be able to cause unexpected applicationĬVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Impact: A remote attacker may be able to leak memoryĭescription: An out-of-bounds read was addressed with improved inputĬVE-2019-8646: Natalie Silvanovich of Google Project Zero Kasper Rasmussen ofĭescription: A use after free issue was addressed with improvedĬVE-2019-8661: Natalie Silvanovich of Google Project Zero Issue was addressed with improved input validation.ĬVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr.
Intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)ĭescription: An input validation issue existed in Bluetooth. Impact: An attacker in a privileged network position may be able to Impact: A remote attacker may be able to cause arbitrary codeĭescription: A memory corruption issue was addressed with improved On files mounted through a network share.
Impact: Extracting a zip file containing a symbolic link to anĮndpoint in an NFS mount that is attacker controlled may bypassĭescription: This was addressed with additional checks by Gatekeeper Impact: An application may be able to read restricted memoryĭescription: A validation issue was addressed with improved inputĪvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Security Update 2019-004 Sierra address the MacOS Mojave 10.14.6, Security Update 2019-004 High Sierra, By Thread APPLE-SA-1 Additional information for APPLE-SA-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierraįrom: Apple Product Security via Fulldisclosure ĪPPLE-SA-2 macOS Mojave 10.14.6, Security UpdateĢ019-004 High Sierra, Security Update 2019-004 Sierra