Concerned about macOS Security Fixes

Update: looks like my concerns were spot-on, that is, Apple released an update to the update on March 30. For macOS High Sierra, the build number with the updated update should be macOS 10.13.6 (17G6030), as seen in About This Mac => System Report => Software.

MPG recommends the following settings for updates.

Recommended App Store preferences for system updates
(for those who travel and/or want security without unwanted updates)

Ambiguity issue with macOS security update (initial post)

I’m bothered by Apple’s ambiguity in About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra.

Specifically there are two bad things at work and one of them must be true: either macOS 10.14 Mojave introduced some serious new bugs, or those bugs are not being fixed for macOS 10.13 High Sierra. Either way is bad, but I’d at least like to know the answer.

An excerpt below demonstrates why I am confused: if a bug is fixed in Mojave but not High Sierra, is it a new bug in Mojave only, or does the bug still exist in High Sierra? Apple doesn’t say. Either way looks like B-team work for Apple.

Bom
Available for: macOS Mojave 10.14.3  <== new bug or not fixed in High Sierra?
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm

CFString
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: Processing a maliciously crafted string may lead to a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.

configd
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)

Contacts
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2019-8511: an anonymous researcher

CoreCrypto
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2019-8542: an anonymous researcher

DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 <== fixed for 3 macOS versions
Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
Description: A logic issue was addressed with improved state management.
CVE-2019-8522: Colin Meginnis (@falc420)
...
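To triage an advisory in this format, the sketch below (an added example, not part of the original post and not Apple tooling) parses the entries and lists every CVE whose "Available for" line omits a given release. It cannot say which of the two explanations applies; it only produces the list of fixes to ask about. The function names and the sample text are assumptions made for the example.

```python
import re

# Constructed sample: three entries in the layout of the excerpt above. The
# trailing annotations and the missing blank line before DiskArbitration are
# deliberate, to show the parser tolerates them.
SAMPLE = """\
Bom
Available for: macOS Mojave 10.14.3  <== new bug or not fixed in High Sierra?
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm

configd
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3  fixed for 3 macOS versions
Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
Description: A logic issue was addressed with improved state management.
CVE-2019-8522: Colin Meginnis (@falc420)
"""

# A release is "macOS <Capitalised Name> <dotted version>"; free-text notes
# after the list do not match because they lack that shape.
VERSION_RE = re.compile(r"macOS\s+([A-Z][a-z]+(?: [A-Z][a-z]+)*)\s+\d+(?:\.\d+)+")
CVE_RE = re.compile(r"^(CVE-\d{4}-\d+):")

def parse_advisory(text):
    """Return a list of (component, cve, [release names]) tuples."""
    entries, component, releases = [], None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(("Impact:", "Description:")):
            continue
        if line.startswith("Available for:"):
            releases = VERSION_RE.findall(line)
        elif (m := CVE_RE.match(line)):
            entries.append((component, m.group(1), list(releases)))
        else:
            component = line  # any other line is treated as a component heading
    return entries

def missing_from(entries, release):
    """(component, CVE) pairs whose 'Available for' line does not name `release`."""
    return [(comp, cve) for comp, cve, rels in entries if release not in rels]

if __name__ == "__main__":
    for comp, cve in missing_from(parse_advisory(SAMPLE), "High Sierra"):
        print(f"{cve} ({comp}): no High Sierra fix listed")
```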
