上一封 下一封 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4,Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra

APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update
2019-002 High Sierra, Security Update 2019-002 Sierra

macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra are now available and
addresses the following:

AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and
shrek_wzw of Qihoo 360 Nirvan Team

Bom
Available for: macOS Mojave 10.14.3
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file
metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm

CFString
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted string may lead to a denial
of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.

configd
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)

Contacts
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2019-8511: an anonymous researcher

CoreCrypto
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher

DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: An encrypted volume may be unmounted and remounted by a
different user without prompting for the password
Description: A logic issue was addressed with improved state
management.
CVE-2019-8522: Colin Meginnis (@falc420)

FaceTime
Available for: macOS Mojave 10.14.3
Impact: A user‘s video may not be paused in a FaceTime call if they
exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video. The
issue was resolved with improved logic.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy

Feedback Assistant
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs

Feedback Assistant
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs

file
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted file might disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-6237: an anonymous researcher

Graphics Drivers
Available for: macOS Mojave 10.14.3
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin
(@panicaII) and Junzhi Lu of Trend Micro Research working with Trend
Micro‘s Zero Day Initiative

iAP
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8542: an anonymous researcher

IOGraphics
Available for: macOS Mojave 10.14.3
Impact: A Mac may not lock when disconnecting from an external
monitor
Description: A lock handling issue was addressed with improved lock
handling.
CVE-2019-8533: an anonymous researcher, James Eagan of Télécom
ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT

IOHIDFamily
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

IOKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8504: an anonymous researcher

IOKit SCSI
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro

Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size
validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)

Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: Mounting a maliciously crafted NFS network share may lead to
arbitrary code execution with system privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8508: Dr. Silvio Cesare of InfoSect

Kernel
Available for: macOS Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state
management.
CVE-2019-8514: Samuel Groß of Google Project Zero

Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360  Nirvan Team

Kernel
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-7293: Ned Williamson of Google

Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to determine kernel
memory layout
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed with improved input
validation.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG

Messages
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8546: ChiYuan Chang

Notes
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view a user‘s locked notes
Description: An access issue was addressed with improved memory
management.
CVE-2019-8537: Greg Walker (gregwalker.us)

PackageKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2019-8561: Jaron Bradley of Crowdstrike

Perl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: Multiple issues in Perl
Description: Multiple issues in Perl were addressed in this update.
CVE-2018-12015: Jakub Wilk
CVE-2018-18311: Jayakrishna Menon
CVE-2018-18313: Eiichi Tsukata

Power Management
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: Multiple input validation issues existed in MIG
generated code. These issues were addressed with improved validation.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure
(ssd-disclosure.com)

QuartzCore
Available for: macOS Mojave 10.14.3
Impact: Processing malicious data may lead to unexpected application
termination
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8507: Kai Lu or Fortinet‘s FortiGuard Labs

Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8526: Linus Henze (pinauten.de)

Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8520: Antonio Groza, The UK‘s National Cyber Security Centre
(NCSC)

Siri
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to initiate a Dictation
request without user authorization
Description: An API issue existed in the handling of dictation
requests. This issue was addressed with improved validation.
CVE-2019-8502: Luke Deshotels of North Carolina State University,
Jordan Beichler of North Carolina State University, William Enck of
North Carolina State University, Costin Caraba? of University
POLITEHNICA of Bucharest, and R?zvan Deaconescu of University
POLITEHNICA of Bucharest

Time Machine
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.3
Impact: A local user may be able to execute arbitrary shell commands
Description: This issue was addressed with improved checks.
CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs

TrueTypeScaler
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero
Day Initiative

XPC
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary
files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs

Additional recognition

Accounts
We would like to acknowledge Milan Stute of Secure Mobile Networking
Lab at Technische Universität Darmstadt for their assistance.

Books
We would like to acknowledge Yi?it Can YILMAZ (@yilmazcanyigit) for
their assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.

Mail
We would like to acknowledge Craig Young of Tripwire VERT and Hanno
Böck for their assistance.

Time Machine
We would like to acknowledge CodeColorist of Ant-Financial LightYear
Labs for their assistance.

Installation note:

macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,
Security Update 2019-002 Sierra may be obtained from the
Mac App Store or Apple‘s Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple‘s Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

原文地址:https://www.cnblogs.com/iAmSoScArEd/p/10604117.html

时间: 2024-10-09 01:46:36

上一封 下一封 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4,Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra的相关文章

html5+css3实现上拉和下拉刷新

<!DOCTYPE html><html><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=0, minimum-sc

01 通过配置文件控制线上和线下模式

一:index.php入口文件 // 开启调试模式 建议开发阶段开启 部署阶段注释或者设为false define('APP_DEBUG',True); /** *版本控制 *项目正式部署上线后请设置为true */ define('RELEASE_VERSION', false); 二:分别创建DebugConfig.php 和 ReleaseConfig.php文件分别存放在Application/Admin/Conf/中.通过控制配置文件来控制线上和线下. 三:配置config文件判读in

安卓,采用最简单易懂的方式实现上拉刷新下拉加载更多

<!-- Description:上拉刷新,下拉加载更多是现在最流行的手势操作,但是对于初学者来说,在实现上是有一定难度的, 网上很多教程讲的都过于复杂,对于初学者无法起到引导作用,特此写本文,帮助安卓新手入门理解此, 还有最为重要的一点:本文只帮助你理解,并不是想你成为代码搬运工!别被那么多代码吓到了, 其中很多都是注释,仔细看注释对你理解有很大的帮助 Author:Booker L Date:2014-05-16 --> 一,事先准备: 实现该功能,最基本的需要两个东西,一个是OnTouc

上一条下一条方案对比

今天CPU狂飙了一把,分析SQL后揪出真凶: 上一条下一条方案对比,布布扣,bubuko.com

css -- 映像 ,分页(上一页下一页)

1.映像:-webkit-box-reflect:blow 2px -webkit-gradient( linear, left top, left bottom, from(transparent), color-stop(0.52,transprent), to(white)); 2.对于页码的上一页以及下一页:prev以及next ---- rel属性 设置样式ol.pagination a[rel="prev"], ol.pagination a[rel="next&

Android之 RecyclerView,CardView 详解和相对应的上拉刷新下拉加载

随着 Google 推出了全新的设计语言 Material Design,还迎来了新的 Android 支持库 v7,其中就包含了 Material Design 设计语言中关于 Card 卡片概念的实现 -- CardView.RecyclerView也是谷歌V7包下新增的控件,用来替代ListView的使用,在RecyclerView标准化了ViewHolder类似于ListView中convertView用来做视图缓存. RecyclerView的优点就是,他可以通过设置LayoutMan

jQuery手机端上拉刷新下拉加载更多页面

<!doctype html> <html> <head> <title>jquery 手机端上拉刷新下拉加载更多页面</title> <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"> <meta name="viewpost" content="width=device-wi

PullToRefreshRecyclerView——带上拉刷新下拉加载功能的RecyclerView

PullToRefreshRecyclerView——带上拉刷新下拉加载功能的RecyclerView

C# Winform学习---MDI窗体的设计,PictureBox控件(图片上一页下一页),Timer控件,MenuStrip控件

一.MDI窗体的设计 1.MDI简介 MDI(Multiple Document Interface)就是所谓的多文档界面,与此对应就有单文档界面 (SDI), 它是微软公司从Windows 2.0下的Microsoft Excel电子表格程序开始引入的,Excel电子表格用户有时需要同时操作多份表格,MDI正好为这种操作多表格提供了很大的方便,于是就产生了MDI程序 2.效果图: 如下图所示,多窗体嵌套,其中一个是父窗体,其条是子窗体. 横向排列下面的窗体: 纵向排列下面的窗体: 关闭全部子窗