-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.2743.2
        macOS Mojave 10.14.6, Security Update 2019-004 High Sierra,
                      Security Update 2019-004 Sierra
                              14 August 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS Mojave
                   macOS High Sierra
                   macOS Sierra
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Administrator Compromise        -- Existing Account      
                   Access Confidential Data        -- Remote/Unauthenticated
                   Unauthorised Access             -- Console/Physical      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-13118 CVE-2019-9506 CVE-2019-8697
                   CVE-2019-8695 CVE-2019-8694 CVE-2019-8693
                   CVE-2019-8692 CVE-2019-8691 CVE-2019-8670
                   CVE-2019-8667 CVE-2019-8663 CVE-2019-8662
                   CVE-2019-8661 CVE-2019-8660 CVE-2019-8657
                   CVE-2019-8656 CVE-2019-8648 CVE-2019-8646
                   CVE-2019-8641 CVE-2018-19860 CVE-2018-16860

Reference:         ESB-2019.2737
                   ESB-2019.1742

Original Bulletin: 
   https://support.apple.com/en-au/HT210348

Revision History:  August 14 2019: Added CVE-2019-9506
                   July   23 2019: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2019-8-13-1 Additional information for
APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update
2019-004 High Sierra, Security Update 2019-004 Sierra

macOS Mojave 10.14.6, Security Update 2019-004 High Sierra,
Security Update 2019-004 Sierra address the
following:

AppleGraphicsControl
Available for: macOS Mojave 10.14.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8693: Arash Tohidi of Solita

autofs
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.5
Impact: Extracting a zip file containing a symbolic link to an
endpoint in an NFS mount that is attacker controlled may bypass
Gatekeeper
Description: This was addressed with additional checks by Gatekeeper
on files mounted through a network share.
CVE-2019-8656: Filippo Cavallarin

Bluetooth
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.5
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-19860

Bluetooth
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.5
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB)
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Nils Ole
Tippenhauer of CISPA, Germany, and Prof. Kasper Rasmussen of
University of Oxford, England
Entry added August 13, 2019

Carbon Core
Available for: macOS Mojave 10.14.5
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8661: Natalie Silvanovich of Google Project Zero

Core Data
Available for: macOS Mojave 10.14.5
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero

Core Data
Available for: macOS Mojave 10.14.5
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8660: Samuel Gross and Natalie Silvanovich of Google Project
Zero

Disk Management
Available for: macOS Mojave 10.14.5
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8697: ccpwd working with Trend Micro's Zero Day Initiative

FaceTime
Available for: macOS Mojave 10.14.5
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu

Found in Apps
Available for: macOS Mojave 10.14.5
Impact: A remote attacker may be able to leak memory
Description: This issue was addressed with improved checks.
CVE-2019-8663: Natalie Silvanovich of Google Project Zero

Foundation
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.5
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project
Zero

Grapher
Available for: macOS Mojave 10.14.5
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8695: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative

Graphics Drivers
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.5
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8691: Aleksandr Tarasikov (@astarasikov), Arash Tohidi of
Solita, Lilang Wu and Moony Li of Trend Micro's Mobile Security
Research Team working with Trend Micro's Zero Day Initiative
CVE-2019-8692: Lilang Wu and Moony Li of Trend Micro Mobile Security
Research Team working with Trend Micro's Zero Day Initiative

Heimdal
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.5
Impact: An issue existed in Samba that may allow attackers to perform
unauthorized actions by intercepting communications between services
Description: This issue was addressed with improved checks to prevent
unauthorized actions.
CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team
and Catalyst

IOAcceleratorFamily
Available for: macOS Mojave 10.14.5
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8694: Arash Tohidi of Solita

libxslt
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.5
Impact: A remote attacker may be able to view sensitive information
Description: A stack overflow was addressed with improved input
validation.
CVE-2019-13118: found by OSS-Fuzz

Quick Look
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.5
Impact: An attacker may be able to trigger a use-after-free in an
application deserializing an untrusted NSDictionary
Description: This issue was addressed with improved checks.
CVE-2019-8662: Natalie Silvanovich and Samuel Gross of Google Project
Zero

Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8697: ccpwd working with Trend Micro's Zero Day Initiative

Siri
Available for: macOS Mojave 10.14.5
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8646: Natalie Silvanovich of Google Project Zero

Time Machine
Available for: macOS Mojave 10.14.5
Impact: The encryption status of a Time Machine backup may be
incorrect
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2019-8667: Roland Kletzing of cyber:con GmbH

UIFoundation
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS
Mojave 10.14.5
Impact: Parsing a maliciously crafted office document may lead to an
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative

Additional recognition

Classroom
We would like to acknowledge Jeff Johnson of underpassapp.com for
their assistance.

Game Center
We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of
Alibaba Inc. for their assistance.

Installation note:

macOS Mojave 10.14.6, Security Update 2019-004 High Sierra,
Security Update 2019-004 Sierra may be obtained from the
Mac App Store or Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----