MacOS

Apple took the opportunity of its official launch of macOS Catalina on Monday to close more than a dozen security holes in the desktop operating system.

The macOS 10.15 update, today, includes fixes for a total of 16 CVEs – There are security vulnerabilities listed in several components.

These particular patches, it should be noted, at least for now, are only offered in macOS 10.15. Those who stay with Mojave, also known as 10.14, will receive a Safari update, although it does not contain any security content. In other words, if any of these 16 holes is present in the versions before Catalina of macOS, users of those versions may have to wait a while for security updates to arrive for those versions.

This will put some Mac loyalists in the unenviable position of choosing to install the latest security fixes, and having an application or two that break with macOS 10.15, or discard the update for now and lose patches. Remember that the first major public versions of Apple's operating system software tend to be a bit irregular.

Errors eliminated

Among the most serious errors that are eliminated in Catalina are a couple of failures (CVE-2019-8781, CVE-2019 -8717) in the macOS core that would allow the execution of arbitrary code. In each case, an application that can access the kernel that is already in the system would trigger a memory corruption error and exploit the fault.

Arbitrary code execution errors were also detected (which again require that an application is already running on the machine) patched on the firmware for the AMD code (CVE-2019-8748) and Intel Graphics Driver (CVE-2019 -8758).

Code execution can also be achieved by opening a poisoned text file, thanks to CVE-2019-8745, a buffer overflow error dates back to the UIF Foundation component of macOS.

Apple's WebKit engine will receive two patches. The first error, CVE-2019-8769, would allow a malicious website to spy on the user's browsing history. The second, CVE-2019-8768, is an error in the "delete history and data from the website" command that results in the incorrect retention of information that was supposed to be deleted.

One of the most interesting errors in the update was CVE- 2019-8772. That flaw, revealed earlier this month in an uni boffins article in Bochum and Münster, allows an attacker to extract some data from encrypted PDF files.

  apple

Do you have an iPhone before A12? Love jailbreaks? Happy Friday! Launch of & # 39; Exploit Boot ROM incompatible boot & # 39;

READ MORE

Another is CVE-2019-8755, a "logical problem" in the IOGraphics component that could allow an unauthorized application to spy on the kernel memory content.

Mac The owners are not the only ones who will want to look for an Apple update. The Windows port of the iCloud software (10.7 for Windows 10 and 7.14 for Windows 7) also received updates.

Among them are the failure of the text file CVE-2019-8745 that allows code execution, as well as two cross-site scripts (CVE-2019-8625, CVE-2019-8719) and five execution failures of arbitrary code (CVE-2019-8707, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8763) in WebKit.

Administrators may want Apple updates to be tested and installed today, as the patch workload will be increasingly substantial tomorrow when Microsoft, Adobe and SAP deliver their monthly security solutions. ®

Sponsored:
How to process, discuss, analyze and visualize your data with three complementary tools

For More Updates Check out Blog, Windows Softwares Drivers, Antivirus, Ms Office, Graphic Design Don’t Forget to Look Our Facebook Page Get Into Pc like us & follow on Twitter- @getinpc

Please Note: This content is provided and hosted by a 3rd party server. Sometimes these servers may include advertisements. igetintopc.com does not host or upload this material and is not responsible for the content.