Apple has released a set of security updates for the second time this month. The updates include fixes for vulnerabilities in macOS, Safari, watchOS, iOS and tvOS. There are a total of 56 CVEs.

33 vulnerabilities were fixed in macOS and 14 vulnerabilities in Safari. Eleven vulnerabilities in macOS lead to arbitrary code execution. 13 out of 14 vulnerabilities in Safari also lead to code execution.

CVE-2019-8786 is considered critical as it allows arbitrary code execution with kernel privileges. CVE-2019-8786 is a memory corruption issue in the ‘Kernel’ which was addressed with improved memory handling. CVE-2019-8802 is a validation issue in ‘manpages’ which allows an attacker to gain root privileges. CVE-2019-8813 is a vulnerability affecting the ‘WebKit’ component which leads to universal cross-site scripting.

The other vulnerabilities affecting macOS allow an attacker to leak and read restricted memory, exfiltrate data with improper URL processing, leak sensitive user information, perform denial-of-service attacks, elevate privileges, determine kernel memory layout and check for the existence of arbitrary files.

We strongly recommend that system administrators keep their systems up-to-date with the latest patches.


Apple Security Updates Summary:

The Apple Security Updates for October 2019 address vulnerabilities in the following products:


  • Product : macOS
  • Affected OS : macOS Catalina, macOS High Sierra, macOS Mojave
  • Affected features : Accounts, App Store, AppleGraphicsControl, Associated Domains, Audio, Books, CUPS, Contacts, File Quarantine, File System Events, Graphics, Graphics Driver, IOGraphics, Intel Graphics Driver, Kernel, PluginKit, System Extensions, UIFoundation, iTunes, libxml2, libxslt, manpages
  • Impact : Denial of service, Authentication Bypass, Privilege Escalation, Arbitrary Code Execution, Information Disclosure, Spoofing
  • CVEs : CVE-2017-7152, CVE-2018-12152, CVE-2018-12153, CVE-2018-12154, CVE-2019-8509, CVE-2019-8706, CVE-2019-8708, CVE-2019-8715, CVE-2019-8716, CVE-2019-8736, CVE-2019-8737, CVE-2019-8744, CVE-2019-8749, CVE-2019-8750, CVE-2019-8756, CVE-2019-8759, CVE-2019-8761, CVE-2019-8767, CVE-2019-8784, CVE-2019-8785, CVE-2019-8786, CVE-2019-8787, CVE-2019-8788, CVE-2019-8789, CVE-2019-8794, CVE-2019-8797, CVE-2019-8798, CVE-2019-8801, CVE-2019-8802, CVE-2019-8803, CVE-2019-8805, CVE-2019-8807, CVE-2019-8817

  • Product : Safari 13.0.3
  • Affected OS : macOS Mojave, macOS High Sierra, and macOS Catalina
  • Affected features : WebKit, WebKit Process Model
  • Impact : Arbitrary Code Execution, Cross Site Scripting
  • CVEs : CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823

  • Product : watchOS 6.1
  • Affected OS : watchOS
  • Affected features : Accounts, App Store, AppleFirmwareUpdateKext, Audio, Contacts, File System Events, Kernel, VoiceOver, WebKit, libxslt
  • Impact : Authentication Bypass, Information Disclosure, Arbitrary Code Execution, Spoofing, Cross Site Scripting
  • CVEs : CVE-2017-7152, CVE-2019-8743, CVE-2019-8747, CVE-2019-8750, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8775, CVE-2019-8785, CVE-2019-8786, CVE-2019-8787, CVE-2019-8794, CVE-2019-8797, CVE-2019-8798, CVE-2019-8803, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8816, CVE-2019-8820

  • Product : iOS 13.2 and iPadOS 13.2
  • Affected OS : iOS and iPadOS
  • Affected features : AVEVideoEncoder, Accounts, App Store, Associated Domains, Audio, Books, Contacts, File System Events, Graphics Driver, Kernel, Screen Recording, Setup Assistant, WebKit, WebKit Process Model
  • Impact : Authentication Bypass, Information Disclosure, Arbitrary Code Execution, Cross Site Scripting, Spoofing
  • CVEs : CVE-2017-7152, CVE-2019-8782, CVE-2019-8783, CVE-2019-8784, CVE-2019-8785, CVE-2019-8786, CVE-2019-8787, CVE-2019-8788, CVE-2019-8789, CVE-2019-8793, CVE-2019-8794, CVE-2019-8795, CVE-2019-8797, CVE-2019-8798, CVE-2019-8803, CVE-2019-8804, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823

  • Product : tvOS 13.2
  • Affected OS : tvOS
  • Affected features : AVEVideoEncoder, Accounts, App Store, Audio, File System Events, Kernel, WebKit, WebKit Process Model
  • Impact : Authentication Bypass, Information Disclosure, Arbitrary Code Execution, Cross Site Scripting, Spoofing
  • CVEs : CVE-2019-8782, CVE-2019-8783, CVE-2019-8785, CVE-2019-8786, CVE-2019-8787, CVE-2019-8794, CVE-2019-8795, CVE-2019-8797, CVE-2019-8798, CVE-2019-8803, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823

Publisher: SecPod Technologies
