![]() |
Security Update: macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra
(2019-01-22)Apple has updated macOS Mojave to version 10.14.3, and has released Security Update 2019-001 High Sierra, and Security Update 2019-001 Sierra. The updates address the following security related issues:
- AppleKeyStore (CVE-2019-6235; macOS Mojave 10.14.2): A sandboxed process may be able to circumvent sandbox restrictions
- Bluetooth (CVE-2019-6200; macOS High Sierra 10.13.6, macOS Mojave 10.14.2): An attacker in a privileged network position may be able to execute arbitrary code
- Core Media (CVE-2019-6202, CVE-2019-6221; macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to elevate privileges
- CoreAnimation (CVE-2019-6231; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to read restricted memory
- CoreAnimation (CVE-2019-6230; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to break out of its sandbox
- FaceTime (CVE-2019-6224; macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution
- Hypervisor (CVE-2018-4467; macOS Sierra 10.12.6, macOS High Sierra 10.13.6): A malicious application may be able to elevate privileges
- Intel Graphics Driver (CVE-2018-4452; macOS Sierra 10.12.6, macOS High Sierra 10.13.6): A malicious application may be able to execute arbitrary code with system privileges
- IOKit (CVE-2019-6214; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to break out of its sandbox
- Kernel (CVE-2019-6225; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to elevate privileges
- Kernel (CVE-2019-6210; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to execute arbitrary code with kernel privileges
- Kernel (CVE-2019-6205; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may cause unexpected changes in memory shared between processes
- Kernel (CVE-2019-6213; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): An application may be able to execute arbitrary code with kernel privileges
- Kernel (CVE-2019-6209; macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to determine kernel memory layout
- Kernel (CVE-2019-6208; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may cause unexpected changes in memory shared between processes
- libxpc (CVE-2019-6218; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
- Mojave 10.14.2): A malicious application may be able to execute arbitrary code with kernel privileges
- Natural Language Processing (CVE-2019-6219; macOS Mojave 10.14.2): Processing a maliciously crafted message may lead to a denial of service
- QuartzCore (CVE-2019-6220; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): An application may be able to read restricted memory
- SQLite (CVE-2018-20346, CVE-2018-20505, CVE-2018-20506): A maliciously crafted SQL query may lead to arbitrary code execution
- WebRTC (CVE-2019-6211; macOS Mojave 10.14.2): Processing maliciously crafted web content may lead to arbitrary code execution