APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4,Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update
2019-002 High Sierra, Security Update 2019-002 Sierra
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra are now available and
addresses the following:
AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and
shrek_wzw of Qihoo 360 Nirvan Team
Bom
Available for: macOS Mojave 10.14.3
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file
metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm
CFString
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: An encrypted volume may be unmounted and remounted by a
different user without prompting for the password
Description: A logic issue was addressed with improved state
management.
CVE-2019-8522: Colin Meginnis (@falc420)
FaceTime
Available for: macOS Mojave 10.14.3
Impact: A user's video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video. The
issue was resolved with improved logic.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher
Graphics Drivers
Available for: macOS Mojave 10.14.3
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin
(@panicaII) and Junzhi Lu of Trend Micro Research working with Trend
Micro's Zero Day Initiative
iAP
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher
IOGraphics
Available for: macOS Mojave 10.14.3
Impact: A Mac may not lock when disconnecting from an external
monitor
Description: A lock handling issue was addressed with improved lock
handling.
CVE-2019-8533: an anonymous researcher, James Eagan of Télécom
ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT
IOHIDFamily
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: Mounting a maliciously crafted NFS network share may lead to
arbitrary code execution with system privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8508: Dr. Silvio Cesare of InfoSect
Kernel
Available for: macOS Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-7293: Ned Williamson of Google
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed with improved input
validation.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Messages
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8546: ChiYuan Chang
Notes
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view a user's locked notes
Description: An access issue was addressed with improved memory
management.
CVE-2019-8537: Greg Walker (gregwalker.us)
PackageKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2019-8561: Jaron Bradley of Crowdstrike
Perl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: Multiple issues in Perl
Description: Multiple issues in Perl were addressed in this update.
CVE-2018-12015: Jakub Wilk
CVE-2018-18311: Jayakrishna Menon
CVE-2018-18313: Eiichi Tsukata
Power Management
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed with improved validation.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)
QuartzCore
Available for: macOS Mojave 10.14.3
Impact: Processing malicious data may lead to unexpected application
termination
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8507: Kai Lu or Fortinet's FortiGuard Labs
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8526: Linus Henze (pinauten.de)
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre
(NCSC)
Siri
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests. This issue was addressed with improved validation.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Carabaș of University
POLITEHNICA of Bucharest, and Răzvan Deaconescu of University
POLITEHNICA of Bucharest
Time Machine
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A local user may be able to execute arbitrary shell commands
Description: This issue was addressed with improved checks.
CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs
TrueTypeScaler
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative
XPC
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Accounts
We would like to acknowledge Milan Stute of Secure Mobile Networking
Lab at Technische Universität Darmstadt for their assistance.
Books
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.
Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.
Mail
We would like to acknowledge Craig Young of Tripwire VERT and Hanno
Böck for their assistance.
Time Machine
We would like to acknowledge CodeColorist of Ant-Financial LightYear
Labs for their assistance.
Installation note:
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4,Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra的更多相关文章
- VMWare 14.1 15 Pro 安装 macOS Mojave 10.14.1系统 遇到的问题解决方案
安装环境 WIN10VMware Workstation Pro 15.0.0 Build 10134415工具准备1.VMware Workstation Pro 15.0.0 Build 1013 ...
- OS + macOS Mojave 10.14.4 / sushi / ssh-keygen / ssh-copy-id
s 系统版本: macOS 10.14.4 (18E226) 内核版本: Darwin 18.5.0 型号名称: Mac mini 2014 型号标识符: Macmini7,1 处理器名称: Inte ...
- macOS Mojave 10.14 无法安装brew缺少Command Line Tools for Xcode的解决办法
问题描述: 首先我的版本是 Xcode 10.1 如果按照以前的方法安装brew 复制 1 /usr/bin/ruby -e "$(curl -fsSL https://raw.github ...
- 【Len's DMG】macOS Mojave 10.14.1 正式版 18B75 With Clover 4726原版镜像
亮点:本次10.14.1正式版镜像更新config配置文件SMbios机型信息,让识别更趋于完善,自带去除10.14.1 USB端口限制补丁和最新USBInjectAll.kext,移除大量可能造成卡 ...
- macOS Mojave 10.14上安装iTunes12.6
将一下内容保存为iTunes.scpt,并运行 set question to display dialog "确定是否删除 iTunes ?" buttons {"Ye ...
- Mac Mojave(10.14.1)执行Matlab的mex报错
先装了matlab2018b,发现很频繁的crash,同时考虑到要跑的代码在>=2017a时就计算错误,于是转战matlab2016b matlab2016b安装后,执行mex -setup报错 ...
- Mac Mojave 10.14.5安装python tesserocr
<1>先安装两个依赖库: brew install tesseract brew install leptonica 网上有些教程说要安装imagemagick,这里我觉得应该是不需要的, ...
- Apple macOS Mojave Intel Graphics Driver组件任意代码执行漏洞
受影响系统:Apple macOS Mojave 10.14.5描述:CVE(CAN) ID: CVE-2019-8629 Apple macOS Mojave是苹果公司Mac电脑系列产品的操作系统. ...
- VMware虚拟机安装黑苹果MacOS Mojave系统详细教程
更多资源请百度搜索:前端资源网 欢迎关注我的博客:www.w3h5.com 最近遇到一个H5页面的 iPhone X 刘海兼容问题.查到一个 XCode 编辑器,可以模拟 iPhone X 环境运行. ...
随机推荐
- A1043. Is It a Binary Search Tree
A Binary Search Tree (BST) is recursively defined as a binary tree which has the following propertie ...
- [luogu2296][寻找道路]
直接赋题目..... 题目描述 在有向图G 中,每条边的长度均为1 ,现给定起点和终点,请你在图中找一条从起点到终点的路径,该路径满足以下条件: 1 .路径上的所有点的出边所指向的点都直接或间接与终点 ...
- 高DPI下界面错乱的解决方法和原理
来源: http://bbs.csdn.net/topics/370177760 我在win32 + c写的界面中解决办法,就是把字体的字号给固定了,这样做的结果就是,不管dpi是否有改变,界面中控件 ...
- django 通过ajax完成邮箱用户注册、激活账号
一.图片验证码 django-simple-captcha配置 1.在pycharm中,File====>Settings====>Project:项目名====>Project I ...
- 斯坦福大学公开课机器学习: neural networks learning - autonomous driving example(通过神经网络实现自动驾驶实例)
使用神经网络来实现自动驾驶,也就是说使汽车通过学习来自己驾驶. 下图是通过神经网络学习实现自动驾驶的图例讲解: 左下角是汽车所看到的前方的路况图像.左上图,可以看到一条水平的菜单栏(数字4所指示方向) ...
- linux less对文件内容进行搜索
[ 可以先用 less 文件名 来打开文件, 然后可以按回车,打开底部命令输入行(即出现一个冒号的位置), 然后可以使用 键盘上的 home 键跳到文件开始,end键跳到最后,PgUp向前翻页,Pg ...
- (set)MG loves gold hdu6019
MG loves gold Time Limit: 3000/1500 MS (Java/Others) Memory Limit: 262144/262144 K (Java/Others) ...
- MySQL三层结构、用户权限、索引设计原则
一.守护进程是什么? Linux Daemon(守护进程)是运行在后台的一种特殊进程.它独立于控制终端并且周期性地执行某种任务或等待处理某些发生的事件.它不需要用户输入就能运行而且提供某种服务,不是对 ...
- Zookeeper 集群安装配置
今天,栈长分享下 Zookeeper 的集群安装及配置. 下载 下载地址:http://zookeeper.apache.org/ 下载过程就不说了,我们下载了最新的zookeeper-3.4.11. ...
- IE缓存查看的方法
选择设置中的Internet选项中, 然后点击查看文件: 最终缓存目录: