MacOS 'Catalina' 10.15 comes packed with exclusive security fixes - gee, thanks, Apple

Apple has taken the opportunity of its official macOS Catalina release on Monday to close more than a dozen security holes in the desktop operating system.

The macOS 10.15 update, out today, includes fixes for a total of 16 CVE-listed security vulnerabilities in various components.

These particular patches, it should be noted, are, for now at least, only being offered in macOS 10.15. Those staying with Mojave, aka 10.14, will get a Safari update, though it does not contain any security content. In other words, if any of these 16 holes are present in pre-Catalina releases of macOS, users of those builds may have to wait a while for security updates to arrive for those versions.

This will thus put some Mac loyalists in the unenviable position of choosing to install the latest security fixes, and have an app or two break with macOS 10.15, or sit out the upgrade for now and miss out on patches. Remember that the first public release of Apple's OS tends to be a little bumpy.

Bugs zapped

Among the more serious bugs killed off in Catalina are a pair of flaws (CVE-2019-8781, CVE-2019-8717) in the macOS kernel itself that would allow for arbitrary code execution. In each case, an application already on the system that can access the kernel would trigger a memory corruption error to exploit the flaw.

Arbitrary code execution errors (again requiring an application to already be running on the machine) were also spotted and patched in firmware for AMD (CVE-2019-8748) and Intel Graphics Driver (CVE-2019-8758) code.

Code execution can also be attained by opening up a poisoned text file, thanks to CVE-2019-8745, a buffer overflow error traced back to macOS' UIFoundation component.

Apple's WebKit engine will receive two patches. The first bug, CVE-2019-8769, would allow a malicious website to snoop user browsing history. The second, CVE-2019-8768, is an error in the "clear history and website data" command that results in incorrectly retaining information that was supposed to be wiped.

One of the more interesting bugs in the update was CVE-2019-8772. That flaw, disclosed earlier this month in a paper by uni boffins in Bochum and Münster, allows an attacker to exfiltrate some data out of encrypted PDFs.

Another is CVE-2019-8755, a "logic issue" in the IOGraphics component that could allow a rogue application to snoop on kernel memory contents.

Mac owners are not the only ones who will want to look out for an Apple update. The Windows port of the iCloud software (10.7 for Windows 10 and 7.14 for Windows 7) also received updates.

Among those are the CVE-2019-8745 text file flaw that allows code execution as well as two cross-site-scripting (CVE-2019-8625, CVE-2019-8719) and five arbitrary code execution flaws (CVE-2019-8707, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8763) in WebKit.

Admins might want to get the Apple updates tested and installed today, as the patch workload will increase substantially tomorrow when Microsoft, Adobe, and SAP all deliver their monthly security fixes. ®
