lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 29 Oct 2019 16:05:44 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2019-10-29-10 Additional information for
 APPLE-SA-2019-10-07-1 macOS Catalina 10.15

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-10-29-10 Additional information
for APPLE-SA-2019-10-07-1 macOS Catalina 10.15

macOS Catalina 10.15 addresses the following:

AMD
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security
Research Team

apache_mod_php
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Multiple issues in PHP
Description: Multiple issues were addressed by updating to PHP
version 7.3.8.
CVE-2019-11041
CVE-2019-11042

Audio
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab
Entry added October 29, 2019

Books
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Parsing a maliciously crafted iBooks file may lead to a
persistent denial-of-service
Description: A resource exhaustion issue was addressed with improved
input validation.
CVE-2019-8774: Gertjan Franken imec-DistriNet of KU Leuven
Entry added October 29, 2019

CFNetwork
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: This issue was addressed with improved checks.
CVE-2019-8753: Łukasz Pilorz of Standard Chartered GBS Poland
Entry added October 29, 2019

CoreAudio
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Processing a maliciously crafted movie may result in the
disclosure of process memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative

CoreCrypto
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Processing a large input may lead to a denial of service
Description: A denial of service issue was addressed with improved
input validation.
CVE-2019-8741: Nicky Mouha of NIST
Entry added October 29, 2019

CoreMedia
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8825: Found by GWP-ASan in Google Chrome
Entry added October 29, 2019

Crash Reporter
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: The "Share Mac Analytics" setting may not be disabled when a
user deselects the switch to share analytics
Description: A race condition existed when reading and writing user
preferences. This was addressed with improved state handling.
CVE-2019-8757: William Cerniuk of Core Development, LLC

CUPS
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)
Entry added October 29, 2019

CUPS
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2019-8767: Stephen Zeisberg
Entry added October 29, 2019

CUPS
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)
Entry added October 29, 2019

File Quarantine
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: A malicious application may be able to elevate privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs
Entry added October 29, 2019

Foundation
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8746: Natalie Silvanovich and Samuel Groß of Google Project
Zero
Entry added October 29, 2019

Graphics
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Processing a malicious shader may result in unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2018-12152: Piotr Bania of Cisco Talos
CVE-2018-12153: Piotr Bania of Cisco Talos
CVE-2018-12154: Piotr Bania of Cisco Talos
Entry added October 29, 2019

Intel Graphics Driver
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8758: Lilang Wu and Moony Li of Trend Micro

IOGraphics
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A logic issue was addressed with improved restrictions.
CVE-2019-8755: Lilang Wu and Moony Li of Trend Micro

IOGraphics
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8759: another of 360 Nirvan Team
Entry added October 29, 2019

Kernel
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: A local app may be able to read a persistent account
identifier
Description: A validation issue was addressed with improved logic.
CVE-2019-8809: Apple
Entry added October 29, 2019

Kernel
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8709: derrek (@derrekr6)
[confirmed]derrek (@derrekr6)
CVE-2019-8781: Linus Henze (pinauten.de)
Entry added October 29, 2019

Kernel
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8717: Jann Horn of Google Project Zero

Kernel
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory corruption issue existed in the handling of
IPv6 packets. This issue was addressed with improved memory
management.
CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team
Entry added October 29, 2019

libxml2
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Multiple issues in libxml2
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8749: found by OSS-Fuzz
CVE-2019-8756: found by OSS-Fuzz
Entry added October 29, 2019

libxslt
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Multiple issues in libxslt
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8750: found by OSS-Fuzz
Entry added October 29, 2019

mDNSResponder
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An attacker in physical proximity may be able to passively
observe device names in AWDL communications
Description: This issue was resolved by replacing device names with a
random identifier.
CVE-2019-8799: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt
Entry added October 29, 2019

Menus
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8826: Found by GWP-ASan in Google Chrome
Entry added October 29, 2019

Notes
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: A local user may be able to view a user's locked notes
Description: The contents of locked notes sometimes appeared in
search results. This issue was addressed with improved data cleanup.
CVE-2019-8730: Jamie Blumberg (@jamie_blumberg) of Virginia
Polytechnic Institute and State University

PDFKit
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An attacker may be able to exfiltrate the contents of an
encrypted PDF
Description: An issue existed in the handling of links in encrypted
PDFs. This issue was addressed by adding a confirmation prompt.
CVE-2019-8772: Jens Müller of Ruhr University Bochum, Fabian Ising
of FH Münster University of Applied Sciences, Vladislav Mladenov
of Ruhr University Bochum, Christian Mainka of Ruhr University
Bochum, Sebastian Schinzel of FH Münster University of Applied
Sciences, and Jörg Schwenk of Ruhr University Bochum

PluginKit
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: A local user may be able to check for the existence of
arbitrary files
Description: A logic issue was addressed with improved restrictions.
CVE-2019-8708: an anonymous researcher
Entry added October 29, 2019

PluginKit
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8715: an anonymous researcher
Entry added October 29, 2019

SharedFileList
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: A malicious application may be able to access recent
documents
Description: The issue was addressed with improved permissions logic.
CVE-2019-8770: Stanislav Zinukhov of Parallels International GmbH

sips
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8701: Simon Huang(@HuangShaomang), Rong Fan(@fanrong1992)
and pjf of IceSword Lab of Qihoo 360

UIFoundation
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Parsing a maliciously crafted text file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2019-8761: Renee Trisberg of SpectX
Entry added October 29, 2019

UIFoundation
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero
Day Initiative

WebKit
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: A user may be unable to delete browsing history items
Description: "Clear History and Website Data" did not clear the
history. The issue was addressed with improved data deletion.
CVE-2019-8768: Hugo S. Diaz (coldpointblue)

WebKit
Available for: MacBook (Early 2015 and later), MacBook Air (Mid 2012
and later), MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and
later), iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013 and later)
Impact: Visiting a maliciously crafted website may reveal browsing
history
Description: An issue existed in the drawing of web page elements.
The issue was addressed with improved logic.
CVE-2019-8769: Piérre Reimertz (@reimertz)

Additional recognition

AppleRTC
We would like to acknowledge Vitaly Cheptsov for their assistance.

Audio
We would like to acknowledge riusksk of VulWar Corp working with
Trend Micro's Zero Day Initiative for their assistance.

boringssl
We would like to acknowledge Nimrod Aviram of Tel Aviv University,
Robert Merget of Ruhr University Bochum, Juraj Somorovsky of Ruhr
University Bochum and Thijs Alkemade (@xnyhps) of Computest for their
assistance.

Finder
We would like to acknowledge Csaba Fitzl (@theevilbit) for their
assistance.

Gatekeeper
We would like to acknowledge Csaba Fitzl (@theevilbit) for their
assistance.

Identity Service
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.

mDNSResponder
We would like to acknowledge Gregor Lang of e.solutions GmbH for
their assistance.

python
We would like to acknowledge an anonymous researcher for their
assistance.

Safari Data Importing
We would like to acknowledge Kent Zoya for their assistance.

Simple certificate enrollment protocol (SCEP)
We would like to acknowledge an anonymous researcher for their
assistance.

Telephony
We would like to acknowledge Phil Stokes from SentinelOne for their
assistance.

VPN
We would like to acknowledge Royce Gawron of Second Son Consulting,
Inc. for their assistance.

Installation note:

macOS Catalina 10.15 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24s4QACgkQBz4uGe3y
0M0s3w//QZG0JsE1BjWJ3mwKoSn/I1V0SLryV9UxJeibPfhyF6VJEYk63jZxZ5ki
48vM7iKE3nAHamNFOMtUvyzEdO6VGNZ1uiuSu9nkyziEERapHJSLcEh83p2JhWV/
SEsBB3bsT4l3V9ZYxk/9DX6ynCTzKLZTynw6Yo2PMYiMpavD5sfZ6v8U53qdZ+LX
SNuw+vRTsvu3YlFkUStTdQ64sT72yGII0c8iFpSb2AWv7IgbypB5lW4/MRQjrzoc
9yMhvMgXcgAlzoH5GpGE2EflbekcQxudxDh1t0o7f8OASRPTljNjL4oiKXBMhiAM
iUgDn7duE9LqupfSWK5WOUkF+XRV0qTaLCTDWaCzVa5YsApvSVPhbmoFqKXSQG8T
U6SxQviqzJ06sD1jqm2sZ/LnD5xMEXhQvNx89oJrTRsCU/o0fy4tRhHp52aJoF7E
Wvr1kTlo6SGm6NjkmZVoKj6962/0XUYSOt8gR+L/sF7N6URUG+1Ko2jx8zhYHMEO
ju+Hw0TFHd+8mP29oOEIsIpuRpCp9jjgEJDdu7mGqJ1Py2Gs0uGeHEZd6DJhKggA
IvdJu4Q9usjWaxQ9H3m2I/xEqw78sMEEFgCYfLTC0gf2ChaiGZuhKipcF04c81kM
bOGmjuyJrajD/2rY9EHrqtCm5b2079YAIxUAmTOkT0uP2WmlZoM=
=bhin
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists