Huntsville Macintosh Users Group
UNIX/Security News

Home | Archive | UNIX

Join the Group | About Us | Calendar | Contact Us | Site Index

Security Update: macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra

(2019-01-22)

Apple has updated macOS Mojave to version 10.14.3, and has released Security Update 2019-001 High Sierra, and Security Update 2019-001 Sierra. The updates address the following security related issues:

• AppleKeyStore (CVE-2019-6235; macOS Mojave 10.14.2): A sandboxed process may be able to circumvent sandbox restrictions
• Bluetooth (CVE-2019-6200; macOS High Sierra 10.13.6, macOS Mojave 10.14.2): An attacker in a privileged network position may be able to execute arbitrary code
• Core Media (CVE-2019-6202, CVE-2019-6221; macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to elevate privileges
• CoreAnimation (CVE-2019-6231; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to read restricted memory
• CoreAnimation (CVE-2019-6230; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to break out of its sandbox
• FaceTime (CVE-2019-6224; macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution
• Hypervisor (CVE-2018-4467; macOS Sierra 10.12.6, macOS High Sierra 10.13.6): A malicious application may be able to elevate privileges
• Intel Graphics Driver (CVE-2018-4452; macOS Sierra 10.12.6, macOS High Sierra 10.13.6): A malicious application may be able to execute arbitrary code with system privileges
• IOKit (CVE-2019-6214; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to break out of its sandbox
• Kernel (CVE-2019-6225; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to elevate privileges
• Kernel (CVE-2019-6210; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to execute arbitrary code with kernel privileges
• Kernel (CVE-2019-6205; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may cause unexpected changes in memory shared between processes
• Kernel (CVE-2019-6213; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): An application may be able to execute arbitrary code with kernel privileges
• Kernel (CVE-2019-6209; macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may be able to determine kernel memory layout
• Kernel (CVE-2019-6208; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): A malicious application may cause unexpected changes in memory shared between processes
• libxpc (CVE-2019-6218; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
• Mojave 10.14.2): A malicious application may be able to execute arbitrary code with kernel privileges
• Natural Language Processing (CVE-2019-6219; macOS Mojave 10.14.2): Processing a maliciously crafted message may lead to a denial of service
• QuartzCore (CVE-2019-6220; macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.2): An application may be able to read restricted memory
• SQLite (CVE-2018-20346, CVE-2018-20505, CVE-2018-20506): A maliciously crafted SQL query may lead to arbitrary code execution
• WebRTC (CVE-2019-6211; macOS Mojave 10.14.2): Processing maliciously crafted web content may lead to arbitrary code execution

© The Huntsville Macintosh Users Group 1995-2019
Apple, the Apple Logo, and Macintosh are registered trademarks of Apple, Inc.
Other names may be registered trademarks of their respective owners.