Recently Apple introduced a new version of its macOS operating system – macOS 10.15 (Catalina). In addition to a significant number of important innovations and changes, the main of which is the abandonment of the iTunes program, the company fixed 16 vulnerabilities in various components of the OS.
It should be noted that these specific fixes, at least for the moment, are only offered on macOS 10.15. Those who stay with Mojave, aka 10.14, will receive the Safari update, although it does not contain any security content.In other words, if any of these 16 holes are present in macOS releases prior to Catalina, users of these assemblies may have to wait a while until the security updates for these versions appear.
“This will thus put some Mac loyalists in the unenviable position of choosing to install the latest security fixes, and have an app or two break with macOS 10.15, or sit out the upgrade for now and miss out on patches. Remember that the first major public releases of Apple’s OS software tend to be a little bumpy”, — shares his opinion Shaun Nichols, IS-Specialist of The Register magazine.
In particular, the company fixed vulnerabilities CVE-2019-8781 and CVE-2019-8717 in the macOS kernel, which allowed execution of the arbitrary code. In each case, an application with kernel access in the system can cause a memory corruption error and exploit it.
Vulnerabilities in arbitrary code execution were also discovered in the firmware for AMD (CVE-2019-8748) and Intel Graphics Driver (CVE-2019-8758). Exploitation of the vulnerability (CVE-2019-8745) in the macOS UIFoundation component is related to buffer overflows. Code execution can also be achieved by opening an infected text file.
Read also: Apple Developers Found Third-Party Keyboard Vulnerability in iOS
In the Apple WebKit engine were fixed two vulnerabilities. Exploitation of the first (CVE-2019-8769) allows an attacker to monitor the browsing history of users through a malicious website, and the second (CVE-2019-8768) leads to incorrect storage of information instead of deleting it.
Mac owners are not the only ones who want to take advantage of Apple updates. The Windows port of iCloud software (10.7 for Windows 10 and 7.14 for Windows 7) also received updates.
A full list of fixed vulnerabilities can be found here.
