macOS Mojave Security Updates10.14.6
The latest Security Updates for macOS Mojave.
Overview
For the protection of our customers, Apple doesn't disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are generally available. This document lists recent releases.
Keeping your software up to date is one of the most important things you can do to maintain your Apple product's security.
What's new in macOS Mojave Security Updates
Version 10.14.6 (2021-004):
Full release notes are available here
APFS
- A local user may be able to read arbitrary files. The issue was addressed with improved permissions logic.
Audio
- An application may be able to read restricted memory. A memory corruption issue was addressed with improved validation.
CFNetwork
- Processing maliciously crafted web content may disclose sensitive user information. A memory initialisation issue was addressed with improved memory handling.
CoreAudio
- A malicious application may be able to read restricted memory. A memory corruption issue was addressed with improved validation.
CoreGraphics
- Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. A memory corruption issue was addressed with improved validation.
CoreText
- Processing a maliciously crafted font may result in the disclosure of process memory. A logic issue was addressed with improved state management.
- A remote attacker may be able to cause a denial of service. A buffer overflow was addressed with improved input validation.
Curl
- An attacker may provide a fraudulent OCSP response that would appear valid. This issue was addressed with improved checks.
DiskArbitration
- A malicious application may be able to modify protected parts of the file system. A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks.
FontParser
- Processing a maliciously crafted font file may lead to arbitrary code execution. An out-of-bounds read was addressed with improved input validation.
FontParser
- Processing a maliciously crafted font file may lead to arbitrary code execution. A logic issue was addressed with improved state management.
Foundation
- A malicious application may be able to gain root privileges. A validation issue was addressed with improved logic.
ImageIO
- Processing a maliciously crafted image may lead to arbitrary code execution. This issue was addressed with improved checks.
Intel Graphics Driver
- An application may be able to execute arbitrary code with kernel privileges. An out-of-bounds write was addressed with improved input validation.
Intel Graphics Driver
- An application may be able to execute arbitrary code with kernel privileges. A race condition was addressed with additional validation.
Intel Graphics Driver
- A malicious application may be able to execute arbitrary code with kernel privileges. An out-of-bounds write issue was addressed with improved bounds checking.
Kernel
- A malicious application may be able to disclose kernel memory. A memory initialisation issue was addressed with improved memory handling.
- An application may be able to execute arbitrary code with kernel privileges. A logic issue was addressed with improved state management.
- A local attacker may be able to elevate their privileges. A memory corruption issue was addressed with improved validation.
Libxpc
- A malicious application may be able to gain root privileges. A race condition was addressed with additional validation.
Libxslt
- Processing a maliciously crafted file may lead to heap corruption. A double free issue was addressed with improved memory management.
NSRemoteView
- Processing maliciously crafted web content may lead to arbitrary code execution. A use after free issue was addressed with improved memory management.
Preferences
- A local user may be able to modify protected parts of the file system. A parsing issue in the handling of directory paths was addressed with improved path validation.
Smbx
- An attacker in a privileged network position may be able to leak sensitive user information. An integer overflow was addressed with improved input validation.
Tailspin
- A local attacker may be able to elevate their privileges. A logic issue was addressed with improved state management.
Tcpdump
- A remote attacker may be able to cause a denial of service. This issue was addressed with improved checks.
Time Machine
- A local attacker may be able to elevate their privileges. The issue was addressed with improved permissions logic.
Wi-Fi
- An application may be able to cause unexpected system termination or write kernel memory. A memory corruption issue was addressed with improved validation.
Wifivelocityd
- An application may be able to execute arbitrary code with system privileges. The issue was addressed with improved permissions logic.
WindowServer
- A malicious application may be able to unexpectedly leak a user's credentials from secure text fields. An API issue in Accessibility TCC permissions was addressed with improved state management.
Try our new feature and write a detailed review about macOS Mojave Security Updates. All reviews will be posted soon.
(0 Reviews of )
There are no reviews yet
May 25 2021
Version: 10.14.6
MACUPDATE, the info on this page is incorrect as of May 25, 2021. Yes, a security updates was released on May 24, 2021, but it is update 2021-04. this page is still showing info for 2021-03, but lists the release date as May 25, 2021
The link to Security Update 2020-004
https://support.apple.com/kb/DL2045?locale=en_US
Sep 25 2020
Version: 10.14.6
The 9-24-20 Security Update for Mojave is CRAP! Do NOT Install.
My 2010 Mac Pro has slowed to a Crawl. Apps take much longer to Open. Preview takes an inordinately LONG TIME and barely works. Transmission doesn't work. Even my Folders take forever to open.
I can only assume this is gonna be like when Apple destroyed your computer when you updated from Tiger to Leopard... and Leopard was such a disaster they quickly released Snow Leopard but if you were on the Old Motorola Chip you were F-ed.
May 29 2020
Version: 10.14.6
If you have a Mac with a T2 chip, i would NOT install this update. The previous 2020-02 update broke many T2 chip systems running Mojave. Crashing, error messages after a reboot ("Your system was restarted due to an error..."). Errors in the BridgeOS, no longer able to change setting to boot from external or non trusted drives, and many more. It was the hope of those experiencing these issues that this 2020-03 fixed those issues, it does not in my case and on the forums, not many other issues introduced in the 02 either, if any.
May 28 2020
Version: 10.14.6
Poorly done. This is one of the most obnoxious updates of macOS I've endured. It was put together in a thoroughly clunky, lazy, user-hostile way that is guaranteed to upset users. Specifically, beyond its 5 restarts, its final phase offers NO sign of activity other than allowing the user to move around their cursor. Otherwise, you'd think the thing had locked up. It just sits there for over half an hour looking dead. From my experience, it does indeed finish. It's not the time it takes to install the nearly 1.7 GB of data. It's the poor notification to the user that anything-at-all is happening. - - If you watch the update carefully, before the fifth and final phase you will very briefly see a rough guestimation of its finishing time. But once that notice abruptly disappears, users are left 100% in the dark for far too long. - - This CANNOT ever happen again Apple, you inconsiderate louts. Jobs would be ashamed. I'm certainly ashamed.
Free
App requirements:
- Intel 64
- macOS 10.14.0 or later
License:
Free • Absolutely Free
Downloaded & Installed 255 times
Similar apps
Be the first one to propose an app
similar to macOS Mojave Security Updates.
similar to macOS Mojave Security Updates.
New and Recently Updated
