Impact: An application may be able to execute arbitrary code with system privilegesĭescription: A memory corruption issue was addressed with improved memory handling.ĬVE-2018-4463: Maksymilian Arciemowicz ()Īvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.1 Impact: An application may be able to read restricted memoryĭescription: A validation issue was addressed with improved input sanitization.ĬVE-2018-4462: cocoahuke, Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team working with Trend Micro's Zero Day Initiative The specifics may vary with the severity of the fixed vulnerabilities, but in general, we currently suggest that you should wait at least a week before installing updates like these.Impact: A malicious application may be able to elevate privilegesĭescription: A type confusion issue was addressed with improved memory handling.ĬVE-2018-4303: Mohamed Ghannam updated December 21, 2018Īvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.1, macOS High Sierra 10.13.6 It’s now clear that we’ll need to make such recommendations for Safari and security updates in the future as well. When we write about Apple’s operating system updates, we always try to offer advice about when to install. Nevertheless, we hope Apple is investigating how such major issues slipped through internal testing. In Apple’s defense, the situation was unusual, with the problems originating with the separate Safari 14.0 update and being revealed only after the user installed Security Update 2020-005. Quite a few people have reported separate troubles with Safari 14.0, and we’re guessing that Safari 14.0.1, now in beta testing, will address those.Īlthough Apple responded fairly quickly, it’s still a black eye for the company to ship a security update that caused such problems. We suspect that the new version of Safari 14.0 installed by the supplemental update addresses only the bugs that triggered problems once Security Update 2020-005 was installed. Just don’t install the supplemental update, which will give you Safari 14.0. However, if you want to stay on an earlier version of Safari for some reason, you should be able to install Security Update 2020-005. If you previously installed Safari 14.0, with or without Security Update 2020-005, we recommend installing this supplemental update immediately. Regardless, the practical upshot is that installing Security Update 2020-005 (if available) and macOS Mojave 10.14.6 Supplemental Update will give you both the updated Safari 14.0 and security update code. Precisely what you’ll see in Software Update depends on what you have already installed. Macintosh suggests that the supplemental update fixes all the previous problems. Apple also re-released Security Update 2020-005 with no changes.Ĭoverage from Mr. ![]() Then, late in the day on 1 October 2020, the company released macOS Mojave 10.14.6 Supplemental Update that, in fact, installs only a fixed version of Safari 14.0 and requires a restart. On 30 September 2020, Apple pulled the updates for both Safari 14.0 and Security Update 2020-005. Further discussion suggested that the problems might have been related to installing Safari 14.0 (released the previous week) before Security Update 2020-005. Issues included large increases in memory usage, slow boots, overall system slowness, the inability to create new users, and more. MacOS Mojave 10.14.6 Supplemental Update Fixes Problems with an Updated Safari 14.0Īs we warned in “ Security Update 2020-005 (Mojave and High Sierra),” (28 September 2020), users of macOS 10.14 Mojave who installed Security Update 2020-005 experienced numerous problems, as well-documented by Mr. ![]()
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |