Concerned about macOS Security Fixes

Update: looks like my concerns were spot-on, that is, Apple released an update to the update on March 30. For macOS High Sierra, the build number with the updated update should be macOS 10.13.6 (17G6030), as seen in About This Mac => System Report => Software.

MPG recommends the following settings for updates.

Recommended App Store preferences for system updates
(for those who travel and/or want security without unwanted updates)

Ambiguity issue with macOS security update (initial post)

I’m bothered by Apple’s ambiguity in About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra.

Specifically there are two bad things at work and one of them must be true: either macOS 10.14 Mojave introduced some serious new bugs, or those bugs are not being fixed for macOS 10.13 High Sierra. Either way is bad, but I’d at least like to know the answer.

An excerpt below demonstrates why I am confused: if a bug is fixed in Mojave but not High Sierra, is it a new bug in Mojave only, or does the bug still exist in High Sierra? Apple doesn’t say. Either way looks like B-team work for Apple.

Bom
Available for: macOS Mojave 10.14.3  <== new bug or not fixed in High Sierra?
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm

CFString
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: Processing a maliciously crafted string may lead to a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.

configd
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)

Contacts
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2019-8511: an anonymous researcher

CoreCrypto
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2019-8542: an anonymous researcher

DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 <== fixed for 3 macOS versions
Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
Description: A logic issue was addressed with improved state management.
CVE-2019-8522: Colin Meginnis (@falc420)
...
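The by-hand comparison above can be automated. As an added example (not from the original post and not Apple's tooling), this Python script parses entries in the advisory's layout and lists the CVEs whose "Available for" line omits a given release. The function names are hypothetical, and the sample text is the excerpt above trimmed to three lines per entry.

```python
import re

# Copied from the excerpt above, trimmed to component / "Available for" / CVE lines.
ADVISORY = """\
Bom
Available for: macOS Mojave 10.14.3  <== new bug or not fixed in High Sierra?
CVE-2019-6239: Ian Moorhouse and Michael Trimm

CFString
Available for: macOS Mojave 10.14.3
CVE-2019-8516: SWIPS Team of Frifee Inc.

configd
Available for: macOS Mojave 10.14.3
CVE-2019-8552: Mohamed Ghannam (@_simo36)

DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
CVE-2019-8522: Colin Meginnis (@falc420)
"""

def parse_entries(text):
    """Return a list of {component, releases, cves} dicts, one per advisory entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        entry = {"component": lines[0], "releases": [], "cves": []}
        for ln in lines[1:]:
            if ln.startswith("Available for:"):
                # Drop the post author's "<==" annotation if one is present.
                value = ln.split(":", 1)[1].split("<==")[0]
                entry["releases"] = [r.strip() for r in value.split(",") if r.strip()]
            else:
                entry["cves"] += re.findall(r"CVE-\d{4}-\d+", ln)
        entries.append(entry)
    return entries

def unlisted_for(entries, release_name):
    """Map CVE -> component for entries whose 'Available for' omits release_name."""
    gaps = {}
    for e in entries:
        if not any(r.startswith(release_name) for r in e["releases"]):
            for cve in e["cves"]:
                gaps[cve] = e["component"]
    return gaps

if __name__ == "__main__":
    for cve, comp in unlisted_for(parse_entries(ADVISORY), "macOS High Sierra").items():
        print(f"{cve} ({comp}): not listed for High Sierra; the advisory does not say why")
```

The output is a list of open questions, not of confirmed exposures: an omitted release may mean "not affected" or "not fixed", which is exactly the ambiguity at issue.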

Copyright © 2019 diglloyd Inc, all rights reserved.