image
Apple wasted little time snuffing out bugs in its macOS Catalina operating system. On Tuesday, Apple rolled out 16 patches addressing a wide range of Catalina bugs in components such as CoreAudio, IOGraphics and WebKit. The security fixes are exclusively for macOS 10.15; so pre-Catalina releases of macOS will have to wait for fixes. While specifics are scant on each of the bugs addressed, Apple did share some details. Two bugs (CVE-2019-8781, CVE-2019-8717) impact the macOS kernel and would allow for arbitrary code-execution, it reported. Both are tied to memory-corruption issues. In one case, Apple said the flaw was addressed via improved state management, and in the other via improved memory handling. Apple’s browser engine, WebKit, also received two fixes (CVE-2019-8769, CVE-2019-8768) for browser history issues. The first fix tackles a bug that gives an adversary access to a user’s browser history when lured to visit a maliciously crafted website. The second bug makes it impossible to delete browsing history items. “‘Clear History and Website Data’ did not clear the history,” Apple wrote. Meanwhile, a vulnerability (CVE-2019-8748) tied to the microprocessor AMD could allow an attacker to “execute arbitrary code with kernel privileges,” wrote Apple. Intel’s Graphic Driver also received a patch (CVE-2019-8758) that could allow an application to execute arbitrary code with system privileges. Two additional bugs are tied to the Apache web server and PHP that comes…

Source