-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2019-10-29-2 macOS Catalina 10.15.1, Security Update
2019-001 Mojave, Security Update 2019-006 High Sierra

macOS Catalina 10.15.1, Security Update 2019-001 Mojave,
Security Update 2019-006 High Sierra are now available and address
the following:

Accounts
Available for: macOS Catalina 10.15
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8787: Steffen Klee of Secure Mobile Networking Lab at
Technische Universität Darmstadt

App Store
Available for: macOS Catalina 10.15
Impact: A local attacker may be able to login to the account of a
previously logged in user without valid credentials.
Description: An authentication issue was addressed with improved
state management.
CVE-2019-8803: Kiyeon An, 차민규 (CHA Minkyu)

AppleGraphicsControl
Available for: macOS Catalina 10.15
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8817: Arash Tohidi

AppleGraphicsControl
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8716: Zhiyi Zhang of Codesafe Team of Legendsec at Qi'anxin
Group, Zhuo Liang of Qihoo 360 Vulcan Team

Associated Domains
Available for: macOS Catalina 10.15
Impact: Improper URL processing may lead to data exfiltration
Description: An issue existed in the parsing of URLs. This issue was
addressed with improved input validation.
CVE-2019-8788: Juha Lindstedt of Pakastin, Mirko Tanania, Rauli
Rikama of Zero Keyboard Ltd

Audio
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2019-8706: Yu Zhou of Ant-financial Light-Year Security Lab

Audio
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8785: Ian Beer of Google Project Zero
CVE-2019-8797: 08Tc3wBB working with SSD Secure Disclosure

Books
Available for: macOS Catalina 10.15
Impact: Parsing a maliciously crafted iBooks file may lead to
disclosure of user information
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2019-8789: Gertjan Franken of imec-DistriNet, KU Leuven

Contacts
Available for: macOS Catalina 10.15
Impact: Processing a maliciously contact may lead to UI spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2017-7152: Oliver Paukstadt of Thinking Objects GmbH (to.com)

CUPS
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8736: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)

CUPS
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2019-8767: Stephen Zeisberg

CUPS
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2019-8737: Pawel Gocyla of ING Tech Poland (ingtechpoland.com)

File Quarantine
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A malicious application may be able to elevate privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2019-8509: CodeColorist of Ant-Financial LightYear Labs

File System Events
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8798: ABC Research s.r.o. working with Trend Micro's Zero
Day Initiative

Graphics
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Processing a malicious shader may result in unexpected
application termination or arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2018-12152: Piotr Bania of Cisco Talos
CVE-2018-12153: Piotr Bania of Cisco Talos
CVE-2018-12154: Piotr Bania of Cisco Talos

Graphics Driver
Available for: macOS Catalina 10.15
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8784: Vasiliy Vasilyev and Ilya Finogeev of Webinar, LLC

Intel Graphics Driver
Available for: macOS Catalina 10.15
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8807: Yu Wang of Didi Research America

IOGraphics
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8759: another of 360 Nirvan Team

iTunes
Available for: macOS Catalina 10.15
Impact: Running the iTunes installer in an untrusted directory may
result in arbitrary code execution
Description: A dynamic library loading issue existed in iTunes setup.
This was addressed with improved path searching.
CVE-2019-8801: Hou JingYi (@hjy79425575) of Qihoo 360 CERT

Kernel
Available for: macOS Catalina 10.15
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2019-8794: 08Tc3wBB working with SSD Secure Disclosure

Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS
Catalina 10.15
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8786: an anonymous researcher

Kernel
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A malicious application may be able to determine kernel
memory layout
Description: A memory corruption issue existed in the handling of
IPv6 packets. This issue was addressed with improved memory
management.
CVE-2019-8744: Zhuo Liang of Qihoo 360 Vulcan Team

libxml2
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Multiple issues in libxml2
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8749: found by OSS-Fuzz
CVE-2019-8756: found by OSS-Fuzz

libxslt
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Multiple issues in libxslt
Description: Multiple memory corruption issues were addressed with
improved input validation.
CVE-2019-8750: found by OSS-Fuzz

manpages
Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
CVE-2019-8802: Csaba Fitzl (@theevilbit)

PluginKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A local user may be able to check for the existence of
arbitrary files
Description: A logic issue was addressed with improved restrictions.
CVE-2019-8708: an anonymous researcher

PluginKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8715: an anonymous researcher

SystemExtensions
Available for: macOS Catalina 10.15
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A validation issue existed in the entitlement
verification. This issue was addressed with improved validation of
the process entitlement.
CVE-2019-8805: Scott Knight (@sdotknight) of VMware Carbon Black TAU

UIFoundation
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Parsing a maliciously crafted text file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2019-8761: Renee Trisberg of SpectX

Additional recognition

CFNetwork
We would like to acknowledge Lily Chen of Google for their
assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero and
Jann Horn of Google Project Zero for their assistance.

libresolv
We would like to acknowledge enh at Google for their assistance.

Postfix
We would like to acknowledge Chris Barker of Puppet for their
assistance.

Profiles
We would like to acknowledge Csaba Fitzl (@theevilbit) for their
assistance.

python
We would like to acknowledge an anonymous researcher for their
assistance.

VPN
We would like to acknowledge Royce Gawron of Second Son Consulting,
Inc. for their assistance.

Installation note:

macOS Catalina 10.15.1, Security Update 2019-001 Mojave,
Security Update 2019-006 High Sierra may be
obtained from the Mac App Store or Apple's Software Downloads
web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQJdBAEBCABHFiEEM5FaaFRjww9EJgvRBz4uGe3y0M0FAl24p5UpHHByb2R1Y3Qt
c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQBz4uGe3y0M3T5w/+
MA0oNNn6fPlkGiHHzMisKLkseGIltXgSc1v01C32qZpWoCmIzxXoDN1DZ0UC1nkh
fAzFMvj25wEj14L7ZXOOqaLFgf+e3ZGzius71wru92h1oaYMkspO1A0I6jPOXUU0
EtZfy6RECv7Ees4Zvj5EWXO0Xqpk2fVyEN4f/sGLtlHRkv1Do9ge6pX3JyXynF+f
M0jSntJYBFMuzIX2LZFdbTgtcNhsVMhUlztz3SKbA+JF6IxertPSp9mOxaEtGnYj
LgvSy9EVn98XBRt7rS8zrXCBi1OrTV21RE2HY+Twv+8lSSMRsjo6+KW7sPYd3KDy
esY0zfIkZ1VSSw/sb0kBalkl/rjLeBkSsBlLiA9uWEvkH9uDNVuo4WzDIN6a89hs
Zb2Aj4VjlLlKRKXRmLmpq7TkUQTVxWNMUdHttHUa/k0ODWviH/CbCKhrv0GKB9+X
EOXG65J+qCzq07MPgQG/JWCFbpVVOqQyXOuKCwrDl1LIb15WMxy8vFApEcJAsrvB
Z9if9NDnJxTWo9gQUcrZHrFm/humsTc+YSPSDovfIEYwbx99LkOWdnK5kiTqodxW
SMQyXhAWeZqL8zzxkFjXnodsnmVXvldFVMHjqPdXuXnn6ythU4UPedklPC50bH9G
Ofniqz3XXmySfVDFNFyfODEsvnoTxmGiUyJzAxAM+JM=
=fvfR
-----END PGP SIGNATURE-----