Apple wasted little time snuffing out bugs in its macOS Catalina operating system. On Tuesday, Apple rolled out 16 patches addressing a wide range of Catalina bugs in components such as CoreAudio, IOGraphics and WebKit. The security fixes are exclusively for macOS 10.15; so pre-Catalina releases of macOS will have to wait for fixes. While specifics are scant on each of the bugs addressed, Apple did share some details. Two bugs (CVE-2019-8781, CVE-2019-8717) impact the macOS kernel and would allow for arbitrary code-execution, it reported. Both are tied to memory-corruption issues. In one case, Apple said the flaw was addressed via improved state management, and in the other via improved memory handling. Apple’s browser engine, WebKit, also received two fixes (CVE-2019-8769, CVE-2019-8768) for browser history issues. The first fix tackles a bug that gives an adversary access to a user’s browser history when lured to visit a maliciously crafted website. The second bug makes it impossible to delete browsing history items. “‘Clear History and Website Data’ did not clear the history,” Apple wrote. Meanwhile, a vulnerability (CVE-2019-8748) tied to the microprocessor AMD could allow an attacker to “execute arbitrary code with kernel privileges,” wrote Apple. Intel’s Graphic Driver also received a patch (CVE-2019-8758) that could allow an application to execute arbitrary code with system privileges. Two additional bugs are tied to the Apache web server and PHP that comes…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2019-10-08 15:34:002019-10-08 15:34:00Apple Tackles Over a Dozen Bugs in its Catalina 10.15 Update
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com