Second macOS 10.14.6 Supplemental Update plugs malware hole

Apple has released a second "Supplemental Update" for macOS Mojave 10.14.6, along with security updates for High Sierra and Sierra. The release fixes a flaw found by Google that could be abused by malware as part of an attack.




Released on Thursday, "Supplemental Update 2" is described in the Software Update utility of macOS as "recommended for all users and improves the security of macOS." The update itself weighs in at 1.25 gigabytes, making it a relatively hefty update.

The update also includes links to the security content page, which advises that the update fixes one bug. According to Apple, "a remote attacker may be able to cause unexpected application termination or arbitrary code execution" on unpatched Macs, with the fix described as "an out-of-bounds read was addressed with improved input validation."

The issue is listed as CVE-2019-8641, and is credited to Samuel Gross and Natalie Silvanovich of Google Project Zero, the search company's security team working to uncover exploits and flaws in operating systems and software.

The bug is part of a batch of issues revealed by the team in July, when it disclosed five of six security bugs within iOS that could have allowed an attacker to affect a target user's device via iMessage. This CVE number belongs to the sixth bug, which was not revealed at the time.

The first Supplemental Update for macOS Mojave 10.14.6 was released on August 1.

Comments

  • Reply 1 of 8
    Wow, it’s 1.3GB for my 2015 iMac. 
  • Reply 2 of 8
    Why didn't they just make this 10.14.7?
  • Reply 3 of 8
    Wgkrueger said:
    Wow, it’s 1.3GB for my 2015 iMac. 
    1.88GB for a 2017 iMac running 10.13.6
  • Reply 4 of 8
    I agree. Why not make it 10.14.7. 
  • Reply 5 of 8
    sflocal
    Why didn't they just make this 10.14.7?
    swat671 said:
    I agree. Why not make it 10.14.7. 
    who cares?
  • Reply 6 of 8
    Why didn't they just make this 10.14.7?

    It is puzzling how they decide what is a "minor" update and what is a "supplemental" update. Maybe it's too small to qualify as a version bump. Not small in seriousness, but changed files.

  • Reply 7 of 8
    cpsro
    I thought this might remove the Google malware, too, but Chrome is still installed on my system after the update.  :p
    edited September 2019
  • Reply 8 of 8
    swat671 said:
    I agree. Why not make it 10.14.7. 
    Most likely because it’s about security fixes and not feature changes that change how OS X works or looks.