Apple Security Update: Keep Your Apple Mac Systems Up to Date


Apple Security Updates May 2020


Apple has released a set of security updates for the second time this month. The updates include fixes for vulnerabilities in macOS, Safari, watchOS, iOS, and tvOS, covering a total of 56 CVEs. These CVEs can be detected using a vulnerability scanning tool.

Of these, 33 vulnerabilities were fixed in macOS and 14 in Safari. Eleven of the macOS vulnerabilities lead to arbitrary code execution, as do 13 of the 14 Safari vulnerabilities. These vulnerabilities can be remediated using a patch management tool.

CVE-2019-8786 is considered critical because it allows arbitrary code execution with kernel privileges. It is a memory corruption issue in the ‘Kernel’, which was addressed with improved memory handling. CVE-2019-8802 is a validation issue in ‘manpages’ that allows an attacker to gain root privileges. CVE-2019-8813 is a vulnerability in the ‘WebKit’ component that leads to universal cross-site scripting.

The other vulnerabilities affecting macOS allow an attacker to leak and read restricted memory, exfiltrate data through improper URL processing, leak sensitive user information, perform denial-of-service attacks, elevate privileges, determine kernel memory layout, and check for the existence of arbitrary files.

We strongly recommend that system administrators keep their systems up to date with the latest patches in the Apple security update.


Apple Security Update Summary:

The Apple Security Updates for October 2019 address vulnerabilities in the following products:


  • Product : macOS
  • Affected OS : macOS Catalina, macOS High Sierra, macOS Mojave
  • Affected features : Accounts, App Store, AppleGraphicsControl, Associated Domains, Audio, Books, CUPS, Contacts, File Quarantine, File System Events, Graphics, Graphics Driver, IOGraphics, Intel Graphics Driver, Kernel, PluginKit, System Extensions, UIFoundation, iTunes, libxml2, libxslt and manpages
  • Impact : Denial of service, Authentication Bypass, Privilege Escalation, Arbitrary Code Execution, Information Disclosure and Spoofing
  • CVEs : CVE-2017-7152, CVE-2018-12152, CVE-2018-12153, CVE-2018-12154, CVE-2019-8509, CVE-2019-8706, CVE-2019-8708, CVE-2019-8715, CVE-2019-8716, CVE-2019-8736, CVE-2019-8737, CVE-2019-8744, CVE-2019-8749, CVE-2019-8750, CVE-2019-8756, CVE-2019-8759, CVE-2019-8761, CVE-2019-8767, CVE-2019-8784, CVE-2019-8785, CVE-2019-8786, CVE-2019-8787, CVE-2019-8788, CVE-2019-8789, CVE-2019-8794, CVE-2019-8797, CVE-2019-8798, CVE-2019-8801, CVE-2019-8802, CVE-2019-8803, CVE-2019-8805, CVE-2019-8807 and CVE-2019-8817

  • Product : Safari 13.0.3
  • Affected OS : macOS Mojave, macOS High Sierra and macOS Catalina
  • Affected features : WebKit, WebKit Process Model
  • Impact : Arbitrary Code Execution, Cross Site Scripting
  • CVEs : CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822 and CVE-2019-8823

  • Product : watchOS 6.1
  • Affected OS : watchOS
  • Affected features : Accounts, App Store, AppleFirmwareUpdateKext, Audio, Contacts, File System Events, Kernel, VoiceOver, WebKit and libxslt
  • Impact : Authentication Bypass, Information Disclosure, Arbitrary Code Execution, Spoofing and Cross Site Scripting
  • CVEs : CVE-2017-7152, CVE-2019-8743, CVE-2019-8747, CVE-2019-8750, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8775, CVE-2019-8785, CVE-2019-8786, CVE-2019-8787, CVE-2019-8794, CVE-2019-8797, CVE-2019-8798, CVE-2019-8803, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8816 and CVE-2019-8820

  • Product : iOS 13.2 and iPadOS 13.2
  • Affected OS : iOS and iPadOS
  • Affected features : AVEVideoEncoder, Accounts, App Store, Associated Domains, Audio, Books, Contacts, File System Events, Graphics Driver, Kernel, Screen Recording, Setup Assistant, WebKit and WebKit Process Model
  • Impact : Authentication Bypass, Information Disclosure, Arbitrary Code Execution, Cross Site Scripting and Spoofing
  • CVEs : CVE-2017-7152, CVE-2019-8782, CVE-2019-8783, CVE-2019-8784, CVE-2019-8785, CVE-2019-8786, CVE-2019-8787, CVE-2019-8788, CVE-2019-8789, CVE-2019-8793, CVE-2019-8794, CVE-2019-8795, CVE-2019-8797, CVE-2019-8798, CVE-2019-8803, CVE-2019-8804, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822 and CVE-2019-8823

  • Product : tvOS 13.2
  • Affected OS : tvOS
  • Affected features : AVEVideoEncoder, Accounts, App Store, Audio, File System Events, Kernel, WebKit and WebKit Process Model
  • Impact : Authentication Bypass, Information Disclosure, Arbitrary Code Execution, Cross Site Scripting and Spoofing
  • CVEs : CVE-2019-8782, CVE-2019-8783, CVE-2019-8785, CVE-2019-8786, CVE-2019-8787, CVE-2019-8794, CVE-2019-8795, CVE-2019-8797, CVE-2019-8798, CVE-2019-8803, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822 and CVE-2019-8823