About Apple security updates
Aug 01, 2019 macOS Mojave 10.14.6 macOS Mojave brings new features inspired by its most powerful users, but designed for everyone. Stay better focused on your work in Dark Mode. MacOS Mojave (/ m oʊ ˈ h ɑː v i, m ə-/ mo-HAH-vee) (version 10.14) is the fifteenth major release of macOS, Apple Inc.' S desktop operating system for Macintosh computers. Mojave was announced at Apple's Worldwide Developers Conference on June 4, 2018, and was released to the public on September 24, 2018. The operating system's name refers to the Mojave Desert and is part of a series of. Upgrade to ExtendSim 10. We've done a complete re-write of ExtendSim with the release of 10, incorporating hundreds of thousands of lines of code, added a laundry list of new features, updated the look and feel of the software, plus are introducing the first ever integrated reliability block diagramming tool in a simulation package! Sep 26, 2019 macOS Mojave 10.14.6 Update. The macOS Mojave 10.14.6 update improves the stability and reliability of your Mac, and is recommended for all users. This update:. Makes downloaded issues available in the My Magazines section of Apple News+, both online and offline. ExtendSim is a Windows application, but there is a way to run Windows applications like ExtendSim on Macintosh computers. Solution - Install the Windows operating system (OS) on your Macintosh. To do this, you need to obtain the Windows OS and an emulator.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra
Released May 26, 2020
Accounts
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved input validation.
CVE-2020-9827: Jannik Lorenz of SEEMOO @ TU Darmstadt
Accounts
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9772: Allison Husain of UC Berkeley
AirDrop
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause a denial of service
Description: A denial of service issue was addressed with improved input validation.
CVE-2020-9826: Dor Hadad of Palo Alto Networks
AppleMobileFileIntegrity
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A malicious application could interact with system processes to access private information and perform privileged actions
Description: An entitlement parsing issue was addressed with improved parsing.
CVE-2020-9842: Linus Henze (pinauten.de)
AppleUSBNetworking
Available for: macOS Catalina 10.15.4
Impact: Inserting a USB device that sends invalid messages may cause a kernel panic
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9804: Andy Davis of NCC Group
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9815: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Audio
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9791: Yu Zhou (@yuzhou6666) working with Trend Micro Zero Day Initiative
Bluetooth
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to determine kernel memory layout
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9831: Yu Wang of Didi Research America
Calendar
Available for: macOS Catalina 10.15.4
Impact: Importing a maliciously crafted calendar invitation may exfiltrate user information
Description: This issue was addressed with improved checks.
CVE-2020-3882: Andy Grant of NCC Group
CoreBluetooth
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6
Impact: A remote attacker may be able to leak sensitive user information
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9828: Jianjun Dai of Qihoo 360 Alpha Lab
CVMS
Available for: macOS Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed with improved checks.
CVE-2020-9856: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
DiskArbitration
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to break out of its sandbox
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9847: Zhuo Liang of Qihoo 360 Vulcan Team working with 360 BugCloud (bugcloud.360.cn)
Find My
Available for: macOS Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2020-9855: Zhongcheng Li(CK01) of Topsec Alpha Team
FontParser
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
I don't see java for mac os java download windows 7. Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9816: Peter Nguyen Vu Hoang of STAR Labs working with Trend Micro Zero Day Initiative
ImageIO
Available for: macOS Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3878: Samuel Groß of Google Project Zero
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9789: Wenchao Li of VARAS@IIE
CVE-2020-9790: Xingwei Lin of Ant-financial Light-Year Security Lab
Intel Graphics Driver
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Extendsim Software For Macos 10.14 7
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2020-9822: ABC Research s.r.o
IPSec
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9837: Thijs Alkemade of Computest
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9821: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to determine another application's memory layout
Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2020-9797: an anonymous researcher
Kernel
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An integer overflow was addressed with improved input validation.
CVE-2020-9852: Tao Huang and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Neat scanner for mac el capitan. Description: A use after free issue was addressed with improved memory management.
CVE-2020-9795: Zhuo Liang of Qihoo 360 Vulcan Team
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to cause unexpected system termination or write kernel memory
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9808: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: An information disclosure issue was addressed with improved state management.
CVE-2020-9811: Tielei Wang of Pangu Lab
CVE-2020-9812: derrek (@derrekr6)
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.
CVE-2020-9813: Xinru Chi of Pangu Lab
CVE-2020-9814: Xinru Chi and Tielei Wang of Pangu Lab
Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to determine kernel memory layout
Description: An information disclosure issue was addressed with improved state management.
CVE-2020-9809: Benjamin Randazzo (@____benjamin)
ksh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
From which link can you manually install updates for macos windows 7. Impact: A local user may be able to execute arbitrary shell commands
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2019-14868
NSURL
Available for: macOS Mojave 10.14.6
Impact: A malicious website may be able to exfiltrate autofilled data in Safari
Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.
CVE-2020-9857: Dlive of Tencent Security Xuanwu Lab
PackageKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to gain root privileges
Description: A permissions issue existed. This issue was addressed with improved permission validation.
CVE-2020-9817: Andy Grant of NCC Group
PackageKit
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to modify protected parts of the file system
Description: An access issue was addressed with improved access restrictions.
CVE-2020-9851: Linus Henze (pinauten.de)
Python
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-9793
Sandbox
Available for: macOS Catalina 10.15.4
Impact: A malicious application may be able to bypass Privacy preferences
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2020-9825: Sreejith Krishnan R (@skr0x1C0)
Sandbox
Available for: macOS Mojave 10.14.6
Impact: A user may gain access to protected parts of the file system
Description: This issue was addressed with a new entitlement.
CVE-2020-9771: Csaba Fitzl (@theevilbit) of Offensive Security
Security
Available for: macOS Catalina 10.15.4
Impact: A file may be incorrectly rendered to execute JavaScript
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-9788: Wojciech Reguła of SecuRing (https://wojciechregula.blog)
SIP
Available for: macOS Catalina 10.15.4
Impact: A non-privileged user may be able to modify restricted network settings
Description: A logic issue was addressed with improved restrictions.
CVE-2020-9824: @jamestraynor, Csaba Fitzl (@theevilbit) of Offensive Security
Entry updated June 10, 2020
SQLite
Available for: macOS Catalina 10.15.4
Impact: A malicious application may cause a denial of service or potentially disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9794
System Preferences
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to gain elevated privileges
Description: A race condition was addressed with improved state handling.
CVE-2020-9839: @jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech working with Trend Micro’s Zero Day Initiative
USB Audio
Available for: macOS Catalina 10.15.4
Impact: A USB device may be able to cause a denial of service
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-9792: Andy Davis of NCC Group
Wi-Fi
Available for: macOS Catalina 10.15.4
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A double free issue was addressed with improved memory management.
CVE-2020-9844: Ian Beer of Google Project Zero
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2020-9830: Tielei Wang of Pangu Lab
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-9834: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-9833: Yu Wang of Didi Research America
Wi-Fi
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A malicious application may be able to determine kernel memory layout
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9832: Yu Wang of Didi Research America
WindowServer
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An integer overflow was addressed with improved input validation.
CVE-2020-9841: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
zsh
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.4
Impact: A local attacker may be able to elevate their privileges
Description: An authorization issue was addressed with improved state management.
CVE-2019-20044: Sam Foxman
Additional recognition
CoreBluetooth
We would like to acknowledge Maximilian von Tschirschnitz (@maxinfosec1) of Technical University Munich and Ludwig Peuckert of Technical University Munich for their assistance.
CoreText
We would like to acknowledge Jiska Classen (@naehrdine) and Dennis Heinze (@ttdennis) of Secure Mobile Networking Lab for their assistance.
Endpoint Security
We would like to acknowledge an anonymous researcher for their assistance.
ImageIO
We would like to acknowledge Lei Sun for their assistance.
IOHIDFamily
We would like to acknowledge Andy Davis of NCC Group for their assistance.
IPSec
We would like to acknowledge Thijs Alkemade of Computest for their assistance.
Login Window
We would like to acknowledge Jon Morby and an anonymous researcher for their assistance.
Sandbox
We would like to acknowledge Jason L Lang of Optum for their assistance.
Spotlight
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.
10 7 likes 9,182 views Last modified May 27, 2020 6:14 AM
This is a series of tips that cover Mac OS X client edition. Server forums cover Mac OS X server on the community.
Here is the series of tips for related Macs. 10.6,10.7, 10.8, 10.9, 10.10,10.11,
10.12 ,10.13, 10.14 Mojave, 10.15 Catalina.
See special note about resetting the SMC during updates and upgrades, later in the tip.
is an article I wrote that everyone updating their Mac should read. No update should be ventured into with operating systems or software without first ensuring your data is backed up in two separate places. Slowing down of your Mac should not lead you to assume an update will fix everything. First isolate why your Mac is slowing down or crashing before installing anything new.
Apple released for 10.14.6 users, 2020-003 Mojave security update. If running an earlier version of 10.14, run the 10.14.6 Combo update first.
Apple recommends you have these Macs according to: https://support.apple.com/kb/SP777?locale=en_US
- MacBook (Early 2015 or newer) [model identifier 8,1 or later]
- MacBook Air (Mid 2012 or newer) [model identifier 5,1 or later]
- MacBook Pro (Mid 2012 or newer) [model identifier 9,1 or later]
- Mac mini (Late 2012 or newer) [model identifier 6,1 or later]
- iMac (Late 2012 or newer) [model identifier 12,1 or later]
- Mac Pro (Late 2013; Mid 2010 and Mid 2012 models with recommended Metal-capable graphics cards) [model identifier 5,1 or later]
bracketed items in quotes were added for additional identification purposes. Your Apple menu -> About This Mac -> System Report or System Profiler gives you the model identifier.
All of the Macs that are older than 10.11, need to be updated to 10.11 first before installing Mojave.
The oldest MacBook Air, Mac mini, and iMac which can upgrade to Mojave shipped with 10.8, Mountain Lion.
The oldest MacBook Pro which can upgrade to Mojave shipped with 10.7, Lion.
The oldest MacBook had Mac OS X 10.10 installed.
The oldest Mac Pro on the list above with the compatible graphics cards, had 10.6 originally installed, and is the only Mac that shipped with 10.6 that can install Mojave. Before upgrading to 10.7 or later, read this tip as Apple has not reintroduced a series of software that made older Mac compatible software compatible with Intel Macs since 10.6.8's release.
Apple released Mojave on September 24, 2018. Reports from:
earlier than that date were made with pre-release Mojave versions and can not be relied upon.
September 30, 2018 driver additions from third party update pages:
HP, and Samsung (HP has become the download site for at least some Mojave Samsung printers, if you have Samsung see if any are Catalina compatible)
Silverfast.
10.14.3 was released January 22, 2019. Note, some users are reporting 10.14.3 will not successfully apply as an update without an SMC reset as described how to do in this link: https://support.apple.com/en-us/HT201295
Frequently both updates and upgrades will require multiple reboots to successfully apply. Do NOT become impatient if you find the screen go blank during the update or upgrade process. If you press the power button to shut it down while it is rebooting for the update or upgrade, it may quit the process, and leave you stuck.
Use the macOS Mojave forum for operating system specific questions of other end users such as yourself.
Note: https://support.apple.com/guide/disk-utility/partition-a-physical-disk-dskutl14027/mac
are directions for creating a separate partition that will allow you to dual boot into an older operating system
if you find something not compatible with the current. Once you install the older operating system, you can use the Startup manager to dual boot to the older system.
You can't install Mojave from the Finder, unless you are running 10.13.6 or earlier.
The direct download link for Mojave is:
Note: some people have had trouble downloading the latest Mojave links. https://brave.com/ has been found to be a better web browser than some if you run into issues and is known to work on Mac OS X 10.10 and later.
Extendsim Youtube
Unsupported Macs may have Mojave installed with a patch from http://dosdude1.com/mojave/
Extendsim Software
This is at your own risk. Follow the directions given by the patch author.