secur14y.netlify.app

Hey Guys, Got the update from Trend Micro Support. 'WFBS-SVC 6.6 is incompatible with macOS 10.15(Catalina). Developers are now working on WFBS-SVC 6.7, and the estimated time of arrival is next month (November).' Trend Micro works with the Catalina update on MacOS and Webroot does not. Hey guys, I just got back from my trip to Las Vegas and while I was there I heard from a lot of Agents that Webroot is not compatible with the Catalina update. As a global leader in cybersecurity solutions, Trend Micro provides award-winning protection for PC, Mac, mobile phones, and tablets. With more than 250 million threats blocked per day., Trend Micro ensures your connected world is safe. Trend Micro Maximum Security for Mac provides comprehensive protection for your Mac and iOS devices. Trend Micro is an industry leader in antivirus protection and internet security, with 30 years of security software experience in keeping millions of users safe. Trend Micro Security secures your connected world providing protection against malware, ransomware, spyware, and cyber threats that could compromise your online experience. Dec 30, 2019  Following this supplemental update, Apple released the macOS Catalina 10.15.1 update last October 29, 2019. For more information, refer to the Apple article: What's new in the updates for macOS Catalina. In line with the following updates, Trend Micro has released the WFBS-SVC Mac agent build 3.5.1324 which supports the macOS 10.15.1 Catalina.

• Trend Micro Security For Mac Catalina
• Steam Update For Mac Catalina
• Trend Micro For Mac Computers
• Trend Micro Mac Update

macOS Catalina updates improve the stability, performance, or compatibility of your Mac and are recommended for all Catalina users. To get these updates, choose System Preferences from the Apple menu , then click Software Update. Learn more about updating the software on your Mac.

For details about the security content of these updates, see Apple Security Updates.

• macOS 10.15
  

macOS Catalina 10.15.5

macOS Catalina 10.15.5 introduces battery health management in the Energy Saver settings for notebooks, a new option to disable automatic prominence in Group FaceTime calls, and controls to fine-tune the built-in calibration of your Pro Display XDR. The update also improves the stability, reliability, and security of your Mac.

Battery Health Management

• Battery health management to help maximize battery lifespan for Mac notebooks
• Energy Saver preference pane now displays battery condition and recommends if the battery needs to be serviced
• Option to disable battery health management
  For more information, please visit https://support.apple.com/kb/HT211094

FaceTime Prominence Preference

• New option to control automatic prominence on Group FaceTime calls, so video tiles do not change size when a participant speaks

Calibration Fine-Tuning for Pro Display XDR

• Controls to fine-tune the built-in calibration of your Pro Display XDR by adjusting the white point and luminance for a precise match to
  your own display-calibration target

This update also includes bug fixes and other improvements:

• Fixes an issue that may prevent Reminders from sending notifications for recurring reminders
• Addresses an issue that may prevent password entry on the login screen
• Fixes an issue where System Preferences would continue to show a notification badge even after installing an update
• Resolves an issue where the built-in camera may not be detected when trying to use it after using a video conferencing app
• Addresses an issue for Mac computers with the Apple T2 Security Chip where internal speakers may not appear as a sound output device in Sound preferences
• Fixes a stability issue with uploading and downloading media files from iCloud Photo Library while your Mac is asleep
• Resolves a stability issue when transferring large amounts of data to RAID volumes
• Fixes an issue where the Reduced Motion Accessibility preference did not reduce the speed of animations in a Group FaceTime call

Enterprise content:

• Improves performance on certain Mac models when enabling hardware acceleration in GPU-intensive apps such as those used for video conferencing
• Addresses an issue where Microsoft Exchange accounts were unable to sign in during account setup when using Conditional Access
• Apple Push Notification Service traffic now uses a web proxy when specified in a PAC file via the Proxies payload
• Resolves an issue that prevented some displays connected to MacBook Pro (16-inch, 2019) from waking from sleep when the Mac wakes
• Major new releases of macOS are no longer hidden when using the softwareupdate(8) command with the --ignore flag
  This change also affects macOS Mojave and macOS High Sierra after installing Security Update 2020-003.

macOS Catalina 10.15.4

macOS Catalina 10.15.4 introduces iCloud Drive folder sharing, Screen Time communication limits, Apple Music time-synced lyrics view, and more. Macos x 10.13 laptop for sale. The update also improves the stability, reliability, and security of your Mac.

Finder

• iCloud Drive folder sharing from Finder
• Controls to limit access only to people you explicitly invite, or to grant access to anyone with the folder link
• Permissions to choose who can make changes and upload files, and who can only view and download files

Screen Time

• Communication limits for controlling who your children can communicate with and be contacted by throughout the day and during downtime
• Playback control of music videos for your children

Music

• Time-synced lyrics view for Apple Music, including the ability to jump to your favorite part of a song by clicking a line in lyrics view

Safari

• Option to import Chrome passwords into your iCloud Keychain for easy AutoFill of your passwords in Safari and across all your devices
• Controls for duplicating a tab and for closing all tabs to the right of the current tab
• HDR playback support on compatible computers for Netflix content

App Store with Apple Arcade

• Universal Purchase support enables the use of a singular purchase of a participating app across iPhone, iPod touch, iPad, Mac, and Apple TV

Pro Display XDR

• Customized reference modes that you can tailor to specific workflow needs by selecting from several color gamut, white point, luminance, and transfer function options

Accessibility

• Head pointer preference for moving a cursor on the screen based on the precise movements of your head

This update also includes bug fixes and other improvements:

• High Dynamic Range output to HDR10-compatible third-party displays and TVs connected with DisplayPort or HDMI
• OAuth authentication support with Outlook.com accounts for improved security
• CalDav migration support when upgrading to iCloud reminders on a secondary device
• Addresses an issue where text copied between apps may appear invisible when Dark Mode is active
• Resolves an issue in Safari where a CAPTCHA tile may display incorrectly
• Fixes an issue where you may receive notifications for updated or completed reminders
• Fixes an issue with screen brightness for the LG UltraFine 5K display after waking from sleep

Enterprise content:

• Apple Push Notification Service traffic now uses a web proxy when specified in a PAC file
• Resolves an issue where updating the login keychain password after resetting a user password would cause a new keychain to be created
• After enabling ”Search directory services for certificates” in Keychain Access preferences, searching by email address in Keychain Access or Mail now locates a user certificate stored in directory services
• When setting the DisableFDEAutoLogin key in com.apple.loginwindow, you can now sync your FileVault password with the Active Directory user password after updating the user password
• Reinstates the ability to update or restore iOS, iPadOS, or tvOS devices by dragging .ipsw files to the device in an Apple Configurator 2 window
• Addresses an issue where sending the EraseDevice MDM command might not cause the device to be erased
• When logging in as an Active Directory user after using deferred FileVault enablement, the user is now prompted for their password to enable FileVault

Some features may not be available for all regions, or on all Apple devices.

macOS Catalina 10.15.3

The macOS Catalina 10.15.3 update improves the stability, reliability, and security of your Mac, and is recommended for all users.

• Optimizes gamma handling of low gray levels on Pro Display XDR for SDR workflows when using macOS
• Improves multi-stream video editing performance for HEVC and H.264-encoded 4K video on the MacBook Pro (16-inch, 2019)

macOS Catalina 10.15.2

The macOS Catalina 10.15.2 update improves the stability, reliability and performance of your Mac and is recommended for all users.

This update adds the following features:

Apple News

• New layout for Apple News+ stories from The Wall Street Journal and other leading newspapers

Stocks

• Get links to related stories or more stories from the same publication at the end of an article
• “Breaking” and “Developing” labels for Top Stories
• Stories from Apple News are now available in Canada in English and French

This update includes the following bug fixes:

Music

• Restores the column browser view for managing the music library
• Resolves an issue that may prevent album artwork from appearing
• Fixes an issue that may reset music equalizer settings during playback

iTunes Remote

• Adds support for using an iPhone or iPad to remotely control the Music and TV apps on a Mac

Photos

• Resolves an issue that may cause some AVI and MP4 files to appear as unsupported
• Fixes an issue that prevents newly created folders from appearing in Albums view
• Addresses an issue where manually sorted images in an album may be printed or exported out of order
• Fixes an issue that prevents the zoom-to-crop tool from working in a print preview

Mail

• Addresses an issue that may cause Mail preferences to open with a blank window
• Resolves an issue that may prevent using undo from retrieving deleted mail

Other

• Improves the reliability of syncing books and audiobooks to your iPad or iPhone through the Finder
• Fixes an issue where reminders may be out of order in the Today smart list in the Reminders app
• Resolves an issue that may cause slow typing performance in the Notes app

Enterprise content

• Fixes an issue where the user password might not be accepted at the login window after upgrading a Mac with an Apple T2 Security Chip to macOS Catalina
• Improves compatibility with video conferencing apps on MacBook Pro models introduced in 2018
• Users logged in as a standard user can now install apps from the App Store

macOS Catalina 10.15.1

The macOS Catalina 10.15.1 update includes updated and additional emoji, support for AirPods Pro, HomeKit Secure Video, HomeKit-enabled routers, and new Siri privacy settings, as well as bug fixes and improvements.

Emoji

• Over 70 new or updated emoji, including animals, food, activities, new accessibility emoji, gender-neutral emoji, and skin tones selection for couple emoji

AirPods support

• AirPods Pro support

Home app

• HomeKit Secure Video enables you to privately capture, store, and view encrypted video from your security cameras and features people, animal, and vehicle detection
• HomeKit enabled routers let you control how your HomeKit accessories communicate over the internet or in your home
• Adds support for AirPlay 2-enabled speakers in scenes and automations

Siri

• Privacy settings to control whether or not to help improve Siri and Dictation by allowing Apple to store audio of your Siri and Dictation interactions
• Option to delete your Siri and Dictation history from Siri Settings

This update also includes the following bug fixes and improvements:

• Restores the ability to view file names in the All Photos view in Photos
• Restores the ability to filter by favorites, photos, videos, edited, and keywords in Days view in Photos
• Fixes an issue where Messages would only send a single notification when the option to repeat alerts was enabled
• Resolves an issue that caused Contacts to launch to the previously opened contact instead of the contact list
• Adds a two-finger swipe gesture for back navigation in Apple News
• Resolves issues that may occur in the Music app when displaying playlists inside folders and newly added songs in the Songs list
• Improves reliability of migrating iTunes library databases into the Music, Podcasts, and TV apps
• Fixes an issue where downloaded titles were not visible in the Downloads folder in the TV app

Enterprise content

• When using the built-in keyboard with a non-U.S. keyboard layout, passwords with certain characters are no longer rejected at the Mac login window
• When sign in with Apple ID is not allowed by a configuration profile, the Sign In button in System Preferences is now dimmed

macOS Catalina 10.15

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

macOS Catalina 10.15.1, Security Update 2019-001, Security Update 2019-006

Released October 29, 2019

Accounts

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at Technische Universität Darmstadt

Entry updated February 11, 2020

Accounts

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: AirDrop transfers may be unexpectedly accepted while in Everyone mode

Description: A logic issue was addressed with improved validation.

CVE-2019-8796: Allison Husain of UC Berkeley

Entry added April 4, 2020

AirDrop

Available for: macOS Catalina 10.15

Impact: AirDrop transfers may be unexpectedly accepted while in Everyone mode

Description: A logic issue was addressed with improved validation.

CVE-2019-8796: Allison Husain of UC Berkeley

Entry added April 4, 2020

AMD

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8748: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team

Entry added February 11, 2020

apache_mod_php

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: Multiple issues in PHP

Description: Multiple issues were addressed by updating to PHP version 7.3.8.

CVE-2019-11041

CVE-2019-11042

Entry added February 11, 2020

APFS

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2019-8824: Mac working with Trend Micro's Zero Day Initiative

Entry added February 11, 2020

App Store

Available for: macOS Catalina 10.15

Impact: A local attacker may be able to login to the account of a previously logged in user without valid credentials.

Description: An authentication issue was addressed with improved state management.

CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu)

AppleGraphicsControl

Available for: macOS Catalina 10.15

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2019-8817: Arash Tohidi

AppleGraphicsControl

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8716: Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin Group, Zhuo Liang of Qihoo 360 Vulcan Team

Associated Domains

Available for: macOS Catalina 10.15

Impact: Improper URL processing may lead to data exfiltration

Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.

CVE-2019-8788: Juha Lindstedt of Pakastin, Mirko Tanania, Rauli Rikama of Zero Keyboard Ltd

Audio

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab

Audio

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8785: Ian Beer of Google Project Zero

CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure

Entry updated February 11, 2020

Audio

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: Processing a maliciously crafted audio file may disclose restricted memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8850: Anonymous working with Trend Micro Zero Day Initiative

Entry updated December 18, 2019

Books

Available for: macOS Catalina 10.15

Impact: Parsing a maliciously crafted iBooks file may lead to disclosure of user information

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven

Contacts

Available for: macOS Catalina 10.15

Impact: Processing a maliciously contact may lead to UI spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)

CoreAudio

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: Playing a malicious audio file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2019-8592: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Entry added November 6, 2019

CoreAudio

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: Processing a maliciously crafted movie may result in the disclosure of process memory

Description: A memory corruption issue was addressed with improved validation.

CVE-2019-8705: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Entry added February 11, 2020

CoreMedia

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2019-8825: Found by GWP-ASan in Google Chrome

Entry added February 11, 2020

CUPS

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: An attacker in a privileged network position may be able to leak sensitive user information

Description: An input validation issue was addressed with improved input validation.

CVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)

CUPS

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: Processing a maliciously crafted string may lead to heap corruption

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2019-8767: Stephen Zeisberg

CUPS

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: An attacker in a privileged position may be able to perform a denial of service attack

Description: A denial of service issue was addressed with improved validation.

CVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)

File Quarantine

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: A malicious application may be able to elevate privileges

Description: This issue was addressed by removing the vulnerable code.

CVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs

File System Events

Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero Day Initiative

Foundation

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8746: Natalie Silvanovich and Samuel Groß of Google Project Zero

Entry added February 11, 2020

Graphics

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: Processing a malicious shader may result in unexpected application termination or arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2018-12152: Piotr Bania of Cisco Talos

CVE-2018-12153: Piotr Bania of Cisco Talos

CVE-2018-12154: Piotr Bania of Cisco Talos

Graphics Driver

Available for: macOS Catalina 10.15

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8784: Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC

Intel Graphics Driver

Available for: macOS Catalina 10.15

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8807: Yu Wang of Didi Research America

IOGraphics

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2019-8759: another of 360 Nirvan Team

iTunes

Available for: macOS Catalina 10.15

Impact: Running the iTunes installer in an untrusted directory may result in arbitrary code execution

Description: A dynamic library loading issue existed in iTunes setup. This was addressed with improved path searching.

CVE-2019-8801: Hou JingYi (@hjy79425575) of Qihoo 360 CERT

Kernel

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2019-8709: derrek (@derrekr6) derrek (@derrekr6)

Entry added February 11, 2020

Kernel

Available for: macOS Catalina 10.15

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure

Kernel

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8717: Jann Horn of Google Project Zero

CVE-2019-8786: Wen Xu of Georgia Tech, Microsoft Offensive Security Research Intern Simple exif viewer for macos.

Entry updated November 18, 2019, updated February 11, 2020

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: A malicious application may be able to determine kernel memory layout

Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management.

CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team

Kernel

Available for: macOS Catalina 10.15

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2019-8829: Jann Horn of Google Project Zero

Entry added November 6, 2019

libxml2

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: Multiple issues in libxml2

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2019-8749: found by OSS-Fuzz

CVE-2019-8756: found by OSS-Fuzz

libxslt

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: Multiple issues in libxslt

Description: Multiple memory corruption issues were addressed with improved input validation.

CVE-2019-8750: found by OSS-Fuzz

manpages

Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15

Impact: A malicious application may be able to gain root privileges

Description: A validation issue was addressed with improved logic.

CVE-2019-8802: Csaba Fitzl (@theevilbit)

PDFKit

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An attacker may be able to exfiltrate the contents of an encrypted PDF

Description: An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt.

CVE-2019-8772: Jens Müller of Ruhr University Bochum, Fabian Ising of FH Münster University of Applied Sciences, Vladislav Mladenov of Ruhr University Bochum, Christian Mainka of Ruhr University Bochum, Sebastian Schinzel of FH Münster University of Applied Sciences, and Jörg Schwenk of Ruhr University Bochum

Entry added February 11, 2020

PluginKit

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: A local user may be able to check for the existence of arbitrary files

Description: A logic issue was addressed with improved restrictions.

CVE-2019-8708: an anonymous researcher

PluginKit

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8715: an anonymous researcher

Screen Sharing Server

Available for: macOS Catalina 10.15

Impact: A user who shares their screen may not be able to end screen sharing

Description: A logic issue was addressed with improved state management.

CVE-2019-8858: Saul van der Bijl of Saul’s Place Counseling B.V.

Entry added December 18, 2019

System Extensions

Available for: macOS Catalina 10.15

Impact: An application may be able to execute arbitrary code with system privileges

Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.

CVE-2019-8805: Scott Knight (@sdotknight) of VMware Carbon Black TAU

UIFoundation

Available for: macOS Catalina 10.15

Impact: A malicious HTML document may be able to render iframes with sensitive user information

Description: A cross-origin issue existed with 'iframe' elements. This was addressed with improved tracking of security origins.

CVE-2019-8754: Renee Trisberg of SpectX

Entry added February 24, 2020

UIFoundation

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: Processing a maliciously crafted text file may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2019-8745: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Entry added February 11, 2020

UIFoundation

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2019-8831: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative

Entry added February 11, 2020

UIFoundation

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: Parsing a maliciously crafted text file may lead to disclosure of user information

Description: This issue was addressed with improved checks.

CVE-2019-8761: Renee Trisberg of SpectX

Trend Micro Security For Mac Catalina

Wi-Fi

Steam Update For Mac Catalina

Available for: macOS Catalina 10.15

Impact: An attacker in Wi-Fi range may be able to view a small amount of network traffic

Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management.

CVE-2019-15126: Milos Cermak at ESET

Entry added February 11, 2020

Additional recognition

CFNetwork

We would like to acknowledge Lily Chen of Google for their assistance.

Kernel

We would like to acknowledge Brandon Azad of Google Project Zero, Daniel Roethlisberger of Swisscom CSIRT, Jann Horn of Google Project Zero for their assistance.

Entry updated November 6, 2019

libresolv

We would like to acknowledge enh at Google for their assistance.

Local Authentication

We would like to acknowledge Ryan Lopopolo for their assistance.

Entry added February 11, 2020

mDNSResponder

We would like to acknowledge Gregor Lang of e.solutions GmbH for their assistance.

Entry added February 11, 2020

Postfix

Trend Micro For Mac Computers

We would like to acknowledge Chris Barker of Puppet for their assistance.

python

We would like to acknowledge an anonymous researcher for their assistance.

VPN

Trend Micro Mac Update

We would like to acknowledge Royce Gawron of Second Son Consulting, Inc. for their assistance.