Apple recently released macOS update 10.14.4, and Mathematics IT has tested it and approved it for use. You can see the changelog for the update below.
Overview
The macOS 10.14.4 SDK provides support for developing apps for Macs running macOS Mojave 10.14.4. The SDK comes bundled with Xcode 10.2 available from the Mac App Store. For information on the compatibility requirements for Xcode 10.2, see Xcode Release Notes.
Accessibility
Known Issues
- VoiceOver may no longer be able to access web content when moving backward or forward through the current Safari tab’s history. (48831713)Workaround: In Safari, select Preferences > Advanced > “Show Develop menu in menu bar”, then deselect Develop > Experimental Features > “Swap Processes on Cross-Site Navigation”.
App Store
Promoting Your Subscriptions with New Offers
StoreKit now supports subscription offers in addition to introductory offers, so apps with auto-renewable subscriptions can provide a discounted price for a specific duration for existing and previously subscribed customers. You can use subscription offers to help win back subscribers who have canceled their subscriptions or promote an upgrade to another subscription at a special price. Customers can accept the offer even if they’ve already completed an introductory offer.
StoreKit introduces a new array of SKProductDiscount objects within the SKProduct class to display offers within your app to eligible customers. Add a new SKPaymentDiscount object within the SKPayment class to allow these offers to be accepted by the customer.
News
New Features
- Apple News is available in Canada with macOS 10.14.4. Apple News in Canada supports both English and French. Readers can access a bilingual experience when they follow a channel in a second language.
Safari
Known Issues
- After updating to Safari 12.1 from Safari 10.1.2, web pages might not display. (47335741)Workaround: Run the following command in Terminal:
defaults delete com.apple.Safari
You will lose your previous Safari settings after running the command above.
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
Released March 25, 2019
AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow was addressed with improved size validation.
CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team
Bom
Available for: macOS Mojave 10.14.3
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm
CFString
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted string may lead to a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2019-8542: an anonymous researcher
DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
Description: A logic issue was addressed with improved state management.
CVE-2019-8522: Colin Meginnis (@falc420)
FaceTime
Available for: macOS Mojave 10.14.3
Impact: A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted file might disclose user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-6237: an anonymous researcher
Graphics Drivers
Available for: macOS Mojave 10.14.3
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin (@panicaII), and Junzhi Lu of Trend Micro Research working with Trend Micro’s Zero Day Initiative
iAP
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2019-8542: an anonymous researcher
IOGraphics
Available for: macOS Mojave 10.14.3
Impact: A Mac may not lock when disconnecting from an external monitor
Description: A lock handling issue was addressed with improved lock handling.
CVE-2019-8533: an anonymous researcher, James Eagan of Télécom ParisTech, R. Scott Kemp of MIT, and Romke van Dijk of Z-CERT
IOHIDFamily
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: A memory corruption issue was addressed with improved state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2019-8508: Dr. Silvio Cesare of InfoSect
Kernel
Available for: macOS Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to determine kernel memory layout
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2019-7293: Ned Williamson of Google
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Messages
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2019-8546: ChiYuan Chang
Notes
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view a user’s locked notes
Description: An access issue was addressed with improved memory management.
CVE-2019-8537: Greg Walker (gregwalker.us)
PackageKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2019-8561: Jaron Bradley of Crowdstrike
Perl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: Multiple issues in Perl
Description: Multiple issues in Perl were addressed in this update.
CVE-2018-12015: Jakub Wilk
CVE-2018-18311: Jayakrishna Menon
CVE-2018-18313: Eiichi Tsukata
Power Management
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)
QuartzCore
Available for: macOS Mojave 10.14.3
Impact: Processing malicious data may lead to unexpected application termination
Description: Multiple memory corruption issues were addressed with improved input validation.
CVE-2019-8507: Kai Lu of Fortinet’s FortiGuard Labs
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2019-8526: Linus Henze (pinauten.de)
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-8520: Antonio Groza, The UK’s National Cyber Security Centre (NCSC)
Siri
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to initiate a Dictation request without user authorization
Description: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation.
CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest
Time Machine
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A local user may be able to execute arbitrary shell commands
Description: This issue was addressed with improved checks.
CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs
TrueTypeScaler
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative
XPC
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs