Concerned about macOS Security Fixes

Update: it looks like my concerns were spot-on; that is, Apple released an update to the update on March 30. For macOS High Sierra, the build number with the updated update should be macOS 10.13.6 (17G6030), as seen in About This Mac => System Report => Software.

MPG recommends the following settings for updates.

Recommended App Store preferences for system updates
(for those who travel and/or want security without unwanted updates)

Ambiguity issue with macOS security update (initial post)

I’m bothered by Apple’s ambiguity in About the security content of macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra.

Specifically there are two bad things at work and one of them must be true: either macOS 10.14 Mojave introduced some serious new bugs, or those bugs are not being fixed for macOS 10.13 High Sierra. Either way is bad, but I’d at least like to know the answer.

An excerpt below demonstrates why I am confused: if a bug is fixed in Mojave but not High Sierra, is it a new bug in Mojave only, or does the bug still exist in High Sierra? Apple doesn’t say. Either way looks like B-team work for Apple.

Bom
Available for: macOS Mojave 10.14.3  <== new bug or not fixed in High Sierra?
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm

CFString
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: Processing a maliciously crafted string may lead to a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.

configd
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)

Contacts
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2019-8511: an anonymous researcher

CoreCrypto
Available for: macOS Mojave 10.14.3 <== new bug or not fixed in High Sierra?
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2019-8542: an anonymous researcher

DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 <== fixed for 3 macOS versions
Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
Description: A logic issue was addressed with improved state management.
CVE-2019-8522: Colin Meginnis (@falc420)
...
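To audit an advisory in this format for a given release, the "Available for" lines can be parsed and compared. The following is an added example, not part of the original post or of Apple's tooling; it uses three entries from the excerpt above (Description lines and the "<==" annotations omitted), and the function names are hypothetical. It lists which fixes do not name High Sierra, but it cannot tell "not affected" from "not fixed", which is exactly the ambiguity at issue.

```python
import re

# Three entries copied from the excerpt above (abridged, annotations removed).
ADVISORY = """\
Bom
Available for: macOS Mojave 10.14.3
Impact: A malicious application may bypass Gatekeeper checks
CVE-2019-6239: Ian Moorhouse and Michael Trimm

configd
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
CVE-2019-8552: Mohamed Ghannam (@_simo36)

DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
CVE-2019-8522: Colin Meginnis (@falc420)
"""

def parse_advisory(text):
    """Return one dict per entry: component, releases, impact, cves."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        entry = {"component": lines[0], "releases": [], "impact": "", "cves": []}
        for ln in lines[1:]:
            if ln.startswith("Available for:"):
                value = ln.split(":", 1)[1]
                entry["releases"] = [r.strip() for r in value.split(",") if r.strip()]
            elif ln.startswith("Impact:"):
                entry["impact"] = ln.split(":", 1)[1].strip()
            else:
                m = re.match(r"(CVE-\d{4}-\d+):", ln)
                if m:
                    entry["cves"].append(m.group(1))
        entries.append(entry)
    return entries

def not_listed_for(entries, release_name):
    """Entries whose 'Available for' line does not name the given release."""
    return [e for e in entries
            if not any(r.startswith(release_name) for r in e["releases"])]

if __name__ == "__main__":
    for e in not_listed_for(parse_advisory(ADVISORY), "macOS High Sierra"):
        print(f"{e['component']:16} {', '.join(e['cves']):16} {e['impact']}")
```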
Copyright © 2020 diglloyd Inc, all rights reserved.