-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.4010
          Multiple vulnerabilities have been identified in macOS
                              30 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Apple MacOS
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Existing Account            
                   Access Privileged Data          -- Existing Account            
                   Denial of Service               -- Existing Account            
                   Access Confidential Data        -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Remote with User Interaction
                   Reduced Security                -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-8817 CVE-2019-8807 CVE-2019-8805
                   CVE-2019-8803 CVE-2019-8802 CVE-2019-8801
                   CVE-2019-8798 CVE-2019-8797 CVE-2019-8794
                   CVE-2019-8789 CVE-2019-8788 CVE-2019-8787
                   CVE-2019-8786 CVE-2019-8785 CVE-2019-8784
                   CVE-2019-8767 CVE-2019-8761 CVE-2019-8759
                   CVE-2019-8756 CVE-2019-8750 CVE-2019-8749
                   CVE-2019-8744 CVE-2019-8737 CVE-2019-8736
                   CVE-2019-8716 CVE-2019-8715 CVE-2019-8708
                   CVE-2019-8706 CVE-2019-8509 CVE-2018-12154
                   CVE-2018-12153 CVE-2018-12152 CVE-2017-7152

Reference:         ESB-2019.4009

Original Bulletin: 
   https://support.apple.com/en-au/HT201222

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update
2019-001 Mojave, Security Update 2019-006 High Sierra

macOS Catalina 10.15.1, Security Update 2019-001 Mojave,
Security Update 2019-006 High Sierra are now available and address
the following:

Accounts
Available for: macOS Catalina 10.15
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at
Technische Universität Darmstadt

App Store
Available for: macOS Catalina 10.15
Impact: A local attacker may be able to log in to the account of a
previously logged-in user without valid credentials.
Description: An authentication issue was addressed with improved
state management.
CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu)

AppleGraphicsControl
Available for: macOS Catalina 10.15
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8817: Arash Tohidi

AppleGraphicsControl
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8716: Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin
Group, Zhuo Liang of Qihoo 360 Vulcan Team

Associated Domains
Available for: macOS Catalina 10.15
Impact: Improper URL processing may lead to data exfiltration
Description: An issue existed in the parsing of URLs. This issue was
addressed with improved input validation.
CVE-2019-8788: Juha Lindstedt of Pakastin, Mirko Tanania, Rauli
Rikama of Zero Keyboard Ltd

Audio
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab

Audio
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8785: Ian Beer of Google Project Zero
CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure

Books
Available for: macOS Catalina 10.15
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven

Contacts
Available for: macOS Catalina 10.15
Impact: Processing a maliciously crafted contact may lead to UI spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)

CUPS
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)

CUPS
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2019-8767: Stephen Zeisberg

CUPS
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)

File Quarantine
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A malicious application may be able to elevate privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs

File System Events
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero
Day Initiative

Graphics
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Processing a malicious shader may result in unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2018-12152: Piotr Bania of Cisco Talos
CVE-2018-12153: Piotr Bania of Cisco Talos
CVE-2018-12154: Piotr Bania of Cisco Talos

Graphics Driver
Available for: macOS Catalina 10.15
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8784: Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC

Intel Graphics Driver
Available for: macOS Catalina 10.15
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8807: Yu Wang of Didi Research America

IOGraphics
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8759: another of 360 Nirvan Team

iTunes
Available for: macOS Catalina 10.15
Impact: Running the iTunes installer in an untrusted directory may
result in arbitrary code execution
Description: A dynamic library loading issue existed in iTunes setup.
This was addressed with improved path searching.
CVE-2019-8801: Hou JingYi (@hjy79425575) of Qihoo 360 CERT

Kernel
Available for: macOS Catalina 10.15
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure

Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8786: an anonymous researcher

Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory corruption issue existed in the handling of
IPv6 packets. This issue was addressed with improved memory
management.
CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team

libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Multiple issues in libxml2
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8749: found by OSS-Fuzz
CVE-2019-8756: found by OSS-Fuzz

libxslt
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Multiple issues in libxslt
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8750: found by OSS-Fuzz

manpages
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
CVE-2019-8802: Csaba Fitzl (@theevilbit)

PluginKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A local user may be able to check for the existence of
arbitrary files
Description: A logic issue was addressed with improved restrictions.
CVE-2019-8708: an anonymous researcher

PluginKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8715: an anonymous researcher

SystemExtensions
Available for: macOS Catalina 10.15
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A validation issue existed in the entitlement
verification. This issue was addressed with improved validation of
the process entitlement.
CVE-2019-8805: Scott Knight (@sdotknight) of VMware Carbon Black TAU

UIFoundation
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Parsing a maliciously crafted text file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2019-8761: Renee Trisberg of SpectX

Additional recognition

CFNetwork
We would like to acknowledge Lily Chen of Google for their
assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero and
Jann Horn of Google Project Zero for their assistance.

libresolv
We would like to acknowledge enh at Google for their assistance.

Postfix
We would like to acknowledge Chris Barker of Puppet for their
assistance.

Profiles
We would like to acknowledge Csaba Fitzl (@theevilbit) for their
assistance.

python
We would like to acknowledge an anonymous researcher for their
assistance.

VPN
We would like to acknowledge Royce Gawron of Second Son Consulting,
Inc. for their assistance.

Installation note:

macOS Catalina 10.15.1, Security Update 2019-001 Mojave,
Security Update 2019-006 High Sierra may be
obtained from the Mac App Store or Apple's Software Downloads
web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----