10.15.5 & 10.15.4 = Wake from Sleep Kernel Panic on 16″ MBPro (2019)

MrMacintosh.com - Did you Install the 10.15.4 Update on your 16 Inch MacBook Pro 2019, only to get a Kernel Panic after you Wake it from Sleep? You are not alone.
The Catalina 10.15.4 Update is causing kernel panics in some 16″ 2019 MacBook Pros.

Did you Install the 10.15.4/10.15.5 Update on your 16 Inch MacBook Pro 2019, only to get a Kernel Panic after you Wake it from Sleep? You are not alone.

UPDATE 7/15/20 – The 10.15.6 update is live! mrmacintosh.com/whats-new-in-the-macos-catalina-10-15-6-update-19g73/ Let me know if the update fixes the issue for you!

UPDATE 7/09/20 – I have received word that the wake from sleep kernel panic issue is resolved in 10.15.6 Beta 4 GM (19G71a). If still have the issue and can test, please let me know.

UPDATE 6/25/20 – I have a few reports that Big Sur Beta 1 fixed the issue, but for others they can still reproduce the problem. I would not recommend installing Big Sur as your main OS. You can install it in a 2nd container or external hard drive for testing. If Big Sur fixes the wake from sleep crashing issue, comment below or let me know!

UPDATE 6/8/20 – I am looking further into the 10.15.5 reports. Looks like this is the common error “Sleep transition timed out after 180 seconds while calling power state change callbacks. Suspected bundle: com.apple.iokit.IOGraphicsFamily.”

UPDATE 6/03/20 – I am seeing new reports that the 10.15.5 Update has not fixed the issue for some users. Others are saying that after installing the 10.15.5 Update that they are no longer seeing Kernel Panics after waking from sleep. Additional reports are saying that the issue is worse after installing the 10.15.5 Supplemental Update.

UPDATE 5/26/20 – Apple just released the 10.15.5 update. Let me know if the 10.15.5 update fixes the issue for you!

UPDATE: 5/18/20 – It looks like 10.15.5 Beta 4 fixes the wake from sleep kernel panic issue. I have received multiple emails, tweets and article replies confirming that Beta 4 has fixed the issue for them. I would like to take the time to thank you for all of your individual reports. When I can’t reproduce the issue, I rely on you to provide critical feedback. THANK YOU!

UPDATE: 5/15/20 – I am starting to get some reports that the 10.15.5 Beta 3 & 4 fix the issue. Did you try the latest beta and find that it fixes the issue? Let me know!

UPDATE: 5/7/20 – macOS Catalina 10.15.5 Beta 4 (19F83c) was released today. I have not received any reports that Beta 3 fixed this issue. If it has please let me know. Apple did not mentioned this issue in any of the 10.15.5 Beta Patch Notes.

UPDATE: 4/29/20 – macOS Catalina 10.15.5 Beta 3 was released today. I am getting word that Beta 3 includes a possible fix for the wake from sleep issue. If you install Beta 3 and it fixes your issue, please let me know!

UPDATE: 4/16/20 – macOS Catalina 10.15.5 Beta 2 was released today. Did this update fix the issue for you? I am also looking for users who reverted back to 10.15.1, 10.15.2 or 10.15.3 to see if that fixed the issue?

Main Article

As soon as the 10.15.4 Update hit, reports started to pop up of wake from Sleep Kernel Panics on the 16″ MacBook Pro. Does this situation sound familiar to you? If so you have a great memory! I tracked a very similar issue that was caused by the 2019-004 Mojave and High Sierra Security update back in July of 2019.

mrmacintosh.com/apple-pulls-2019-004-high-sierra-and-sierra-security-updates-after-kernel-panics/

I am seeing reports from users that this issue is happening again. This time around it is affecting macOS Catalina, specifically the 10.15.4 Update on the 2019 16-Inch MacBook Pro.

Table of Contents

  • 1. Affected Mac Models
  • 2. Affected OS Versions
  • 3. Problem: Kernel Panic after waking from sleep.
  • 4. Panic Reports
  • 5. Workarounds?
  • 6. Reverting back to 10.15.1, 10.15.2 or 10.15.3?
  • 7. This has happened before. Wait a few days before installing updates.
  • 8. Does Apple Know about this issue and are they working on a fix?
  • 9. Links
  • 10. Credit & Hat Tips

1. Affected Mac Models

Usually we have multiple different Models that are affected, but this time the issue looks to happen only one model.

  • MacBook Pro 16-Inch 2019
  • MacBook Pro 13-Inch 2020

2. Affected OS Versions

This issue affects 3 versions of macOS Catalina

  • 1. macOS Catalina 10.15.4 (19E266)
  • 2. macOS Catalina 10.15.4 Supplemental Update (19E287)
  • 3. macOS Catalina 10.15.5 (19F96)
  • 4. macOS Catalina 10.15.5 Supplemental Update (19F101)

3. Problem: Kernel Panic after waking from sleep.

I have collected and analyzed multiple Kernel Panic reports. This time, the issue can happen in mulitple situations.

  • Close lid and let the Mac Sleep – Open Lid = KP
  • Apple Icon to > Sleep – Hit key or move mouse = KP
  • The KP can happen with the MacBook Pro Plugged into Power or not.
  • KP Can also happen while connected to a Dock or Monitor.

4. Panic Reports

  1. Panic Report for 10.15.5 Beta 1 (19F53f)
panic(cpu 4 caller 0xffffff7f8d7a1a8d): watchdog timeout: no checkins from watchdogd in 94 seconds (21850 total checkins since monitoring last enabled)
Backtrace (CPU 4), Frame : Return Address
0xffffff839552bc40 : 0xffffff800cd1f5cd
0xffffff839552bc90 : 0xffffff800ce583e5
0xffffff839552bcd0 : 0xffffff800ce49f9e
0xffffff839552bd20 : 0xffffff800ccc5a40
0xffffff839552bd40 : 0xffffff800cd1ec97
0xffffff839552be40 : 0xffffff800cd1f087
0xffffff839552be90 : 0xffffff800d4c1a08
0xffffff839552bf00 : 0xffffff7f8d7a1a8d
0xffffff839552bf10 : 0xffffff7f8d7a147b
0xffffff839552bf50 : 0xffffff7f8d7b6d9c
0xffffff839552bfa0 : 0xffffff800ccc513e
Kernel Extensions in backtrace:
com.apple.driver.watchdog(1.0)[87C6D09A-72A7-3CEE-94F5-B8395E420958]@0xffffff7f8d7a0000->0xffffff7f8d7a8fff
com.apple.driver.AppleSMC(3.1.9)[E93667E5-4F4F-313E-B2C2-C0DEFEBB0963]@0xffffff7f8d7a9000->0xffffff7f8d7c7fff
dependency: com.apple.driver.watchdog(1)[87C6D09A-72A7-3CEE-94F5-B8395E420958]@0xffffff7f8d7a0000
dependency: com.apple.iokit.IOACPIFamily(1.4)[9483DF76-7217-3152-9908-49526931D984]@0xffffff7f8d709000
dependency: com.apple.iokit.IOPCIFamily(2.9)[3527849F-F985-3DA8-8739-70C847950059]@0xffffff7f8d712000
BSD process name corresponding to current thread: kernel_task
Boot args: chunklist-security-epoch=0 -chunklist-no-rev2-dev
Mac OS version:
19F53f
Kernel version:
Darwin Kernel Version 19.5.0: Sat Mar 21 01:41:29 PDT 2020; root:xnu-6153.120.15~20/RELEASE_X86_64
Kernel UUID: 7CDE7ECA-DF59-3D63-9A04-B1E556CE104F
Kernel slide: 0x000000000ca00000
Kernel text base: 0xffffff800cc00000
__HIB text base: 0xffffff800cb00000
System model name: MacBookPro16,1 (Mac-E1008331FDC96864)
System shutdown begun: NO
System uptime in nanoseconds: 218597998402897
last loaded kext at 173578121199354: |SCSITaskUserClient 422.120.1 (addr 0xffffff7f9112d000, size 36864)
last unloaded kext at 217215373935429: >!AXsanScheme 3 (addr 0xffffff7f91125000, size 32768)

2. Panic Report for 10.15.4 (19E287)

panic(cpu 0 caller 0xffffff8001e91b2c): Sleep transition timed out after 180 seconds while calling power state change callbacks. Suspected bundle: com.apple.iokit.IOGraphicsFamily. Thread 0x3d5e9.
Backtracing specified thread
Backtrace (CPU 0), Frame : Return Address
0xffffffa3e79ab900 : 0xffffff80018471e8
0xffffff83ac5e3bc0 : 0xffffff80017433f1
0xffffff83ac5e3c30 : 0xffffff8001741c2f
0xffffff83ac5e3c80 : 0xffffff80018442e9
0xffffff83ac5e3cc0 : 0xffffff8001843b4b
0xffffff83ac5e3cf0 : 0xffffff7f8538bced
0xffffff83ac5e3d20 : 0xffffff7f853a4fa3
0xffffff83ac5e3d30 : 0xffffff7f8538ecb9
0xffffff83ac5e3dc0 : 0xffffff7f8539aeee
0xffffff83ac5e3e00 : 0xffffff8001e152ea
0xffffff83ac5e3ea0 : 0xffffff8001e14c14
0xffffff83ac5e3ec0 : 0xffffff8001763545
0xffffff83ac5e3f40 : 0xffffff8001763071
0xffffff83ac5e3fa0 : 0xffffff80016c713e
Kernel Extensions in backtrace:
com.apple.iokit.IOGraphicsFamily(575.1)[D47CA481-C5E5-3F03-9B04-6634DF5F3121]@0xffffff7f85383000->0xffffff7f853d3fff
dependency: com.apple.iokit.IOPCIFamily(2.9)[1B1F3BBB-9212-3CF9-94F8-8FEF0D3ACEC4]@0xffffff7f82111000BSD process name corresponding to current thread: kernel_task
Boot args: chunklist-security-epoch=0 -chunklist-no-rev2-devMac OS version:
19E287
Kernel version: Darwin Kernel Version 19.4.0: Wed Mar 4 22:28:40 PST 2020; root:xnu-6153.101.6~15/RELEASE_X86_64 Kernel UUID: AB0AA7EE-3D03-3C21-91AD-5719D79D7AF6 Kernel slide: 0x0000000001400000 Kernel text base: 0xffffff8001600000 __HIB text base: 0xffffff8001500000 System model name: MacBookPro16,1 (Mac-E1008331FDC96864) System shutdown begun: NOSystem uptime in nanoseconds: 17702726268574 last loaded kext at 17042688141760: >usb.IOUSBHostHIDDevice 1.2 (addr 0xffffff7f852de000, size 45056) last unloaded kext at 9110056046447: >usb.IOUSBHostHIDDevice 1.2 (addr 0xffffff7f852de000, size 45056)

3. Panic Report for 10.15.4 (19E266)

panic(cpu 2 caller 0xffffff8007016487): "AppleIntelFramebuffer::setPowerState(0xffffff869c158000 : 0xffffff7f8a5c8d88, 1 -> 0) timed out after 45973 ms"@/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/xnu/xnu-6153.101.6/iokit/Kernel/IOServicePM.cpp:5296
Backtrace (CPU 2), Frame : Return Address
0xffffff875105bb40 : 0xffffff80069215cd
0xffffff875105bb90 : 0xffffff8006a5a3c5
0xffffff875105bbd0 : 0xffffff8006a4bf7e
0xffffff875105bc20 : 0xffffff80068c7a40
0xffffff875105bc40 : 0xffffff8006920c97
0xffffff875105bd40 : 0xffffff8006921087
0xffffff875105bd90 : 0xffffff80070c2c7c
0xffffff875105be00 : 0xffffff8007016487
0xffffff875105be50 : 0xffffff8007015d69
0xffffff875105be60 : 0xffffff800702d2fe
0xffffff875105bea0 : 0xffffff8007014b18
0xffffff875105bec0 : 0xffffff8006963545
0xffffff875105bf40 : 0xffffff8006963071
0xffffff875105bfa0 : 0xffffff80068c713e BSD process name corresponding to current thread: kernel_task
Boot args: chunklist-security-epoch=0 -chunklist-no-rev2-devMac OS version:
19E266
Kernel version:
Darwin Kernel Version 19.4.0: Wed Mar 4 22:28:40 PST 2020; root:xnu-6153.101.6~15/RELEASE_X86_64
Kernel UUID: AB0AA7EE-3D03-3C21-91AD-5719D79D7AF6
Kernel slide: 0x0000000006600000
Kernel text base: 0xffffff8006800000
__HIB text base: 0xffffff8006700000
System model name: MacBookPro16,1 (Mac-E1008331FDC96864)
System shutdown begun: NOSystem uptime in nanoseconds: 18107023783810
last loaded kext at 92476327132: >usb.cdc.acm 5.0.0 (addr 0xffffff7f8dcb9000, size 32768)
last unloaded kext at 19827018284: com.cisco.kext.acsock 4.8.0 (addr 0xffffff7f8dc2d000, size 217088)

5. Workarounds?

So far we at least 4 possible workarounds that have been posted.

  • 1. Reset SMC (System Management Controller) NOTE: this only seems to help a very small handful of users.
  • 2. Disable Sleep when on Power– Check the box “Prevent Computer from sleeping automatically when the display is off”
  • 3. Disable Sleep when on Battery “Put hard disks to sleep when possible”
  • 4. Disable “Enable Power Nap While Plugged into a power adapter” or “Enable Power Nap while on battery power”

6. Reverting back to 10.15.1, 10.15.2 or 10.15.3?

Sometimes reverting back to a previous version of macOS can resolve the issue until Apple Releases a fix. A perfect example is the 2015-2017 Macbook Air & 2015 13″ MacBook Pro 5th Gen Intel GPU Freezing Issue. The issue will only affect you if you have the 2020-002 Security Update Installed. If you revert back to the 2020-001 Update your mac will be fine.

So far I have not seen any reports. If you have reverted back and that fixed the issue for you, please let me know. Also let me know if you reverted back and you still have the issue.

7. This has happened before. Wait a few days before installing updates.

This is not the first time Apple has pulled an update. They pulled High Sierra and Sierra 2019-002 Security Update this past March. It’s a good idea to wait at least a few days before you update.

mrmacintosh.com/apple-replaces-2019-002-security-updates-for-10-13-and-10-12-bridgeos-updates-also-show-as-new/

Another example is the GPU Freezing Issue that I noted above

mrmacintosh.com/2020-002-update-causes-some-macs-to-freeze-when-using-video-conf-apps/

8. Does Apple Know about this issue? Are they working on a fix?

Apple does know about the problem. Engineering is currently investigating the issue. This information comes from MacAdmins who have a Enterprise Support Ticket in with Apple.

Hopefully we get a 2nd Supplemental Update that fixes the issue soon.

9. Links

Apple Support Forum

MacRumors.com

Reddit.com

10. Credits – Hat Tips

MacAdmins Users for posting information about this issue.

  • rbursk
  • ehemmete
  • stephen

10.15.4 10.15.5 sleep Kernel Panic & 10.15.4 10.15.5 sleep Kernel Panic

Catalina 10.15.4 Supplemental Update (19E287) Released!

MrMacintosh.com - Apple Today Released macOS Catalina 10.15.4 Supplemental Update (19E287)
macOS Catalina 10.15.4 Supplemental Update (19E287) fixes 4 different issues.

Apple Today Released macOS Catalina 10.15.4 Supplemental Update (19E287)

UPDATE 4/24/20: Another issue found. On some Macs, the ComputerName and HostNames are being reset to default after installing the Supplemental update.

UPDATE 04/10/20: I have noticed increased traffic to my Mac BridgeOS DFU Restore Article. I looked around a bit found a small number of reports that the 10.15.4 Supplemental Update is Bricking T2 Macs. To the user the Mac seems dead. I had 3 different reports sent to me and found 3 other report posts. The good news is, a BridgeOS restore was able to bring some of the Macs back to life.

In a surprise today, Apple released a new Supplemental update for macOS Catalina 10.15.4. This update weighs in at 1.01gb and is available now for all 10.15.4 Catalina users. This update looks to fix 4 different issues. Apple also updated BridgeOS and re released a new installer.app, combo update and delta update.

The Catalina 10.15.4 Supplemental Update Includes the following fixes.

macOS Catalina 10.15.4 supplemental update improves the stability and security of your Mac.

  • Fixes an issue where Mac computers running macOS Catalina 10.15.4 could not participate in FaceTime calls with devices running iOS 9.3.6 and earlier or OS X El Capitan 10.11.6 and earlier
  • Resolves an issue where you may repeatedly receive a password prompt for an Office 365 account
  • Fixes an issue where MacBook Air (Retina, 13-inch, 2020) may hang in Setup Assistant or when disconnecting and reconnecting a 4K or 5K external display
  • Resolves an issue where a USB-C port in your Mac may become unresponsive

BridgeOS update

The T2 BridgeOS was updated in this macOS Catalina Supplemental Update.

T2 BridgeOS Version = 17.16.14281

Current and Previous Build Versions of 10.15

Links – Supplemental Update + Combo & Delta

Supplemental Update =

Size = 1.02gb

https://support.apple.com/kb/DL2038

Delta Update =

Size = 3.0gb

https://support.apple.com/kb/DL2036

Combo Update =

Size = 4.73gb

https://support.apple.com/kb/DL2037

If I deployed/cached the old 10.15.4 Installer.app for OS Upgrades, do I need to redeploy?

Do I have to replace my deployable 10.15 Installer.app? – Yes

If you deployed the old version of the 10.15.4 (19E266) Installer, you should update it to the new (19E287). If you don’t your users will have to install the New Catalina Supplemental Update after installing or upgrading.

Security Content

The Supplemental Update does not list any Published CVE entries.

MacOS Security Updates – Mojave 2020-002 & High Sierra 2020-002

Today, Apple released macOS Mojave Security Update 2020-002 and High Sierra Security Update 2020-002. Below you will find Build Versions, Download Links, Update Sizes and previous Security Update Links. MacOS Sierra is no longer supported by Apple for Security Updates.

How do I keep track of all the macOS Build Versions?

I document all of the macOS Build Versions like the latest Mojave 2020-002 High Sierra 2020-002 along with most Apple Applications, XProtect, Gatekeeper and MRT updates in one database. You can check out the link below.

mrmacintosh.com/macos-system-status-version-info-for-macadmins/

MacOS Mojave Security Update 2020-002 (18G4032)

Information on the Security fixes included in the 2020-002 Mojave Security Update

MacOS High Sierra Security Update 2020-002 (17G12034)

Information on the Security fixes included in the 2020-002 High Sierra Security Update

Safari Update

Safari was updated to version 13.1

Download Size for High Sierra = 66.2mb

Downloads Size for Mojave = 70.5mb

T2 BridgeOS Update

Both the 2020-002 and 2020-002 Security Updates upgrade BridgeOS to version – 17.16.14263

Security Content for Safari 13.1

https://support.apple.com/en-us/HT211104

Previous Releases

Security Related Content for 2020-002

Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra

Released March 24, 2020

AppleGraphicsControl

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple memory corruption issues were addressed with improved state management.

CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team

Bluetooth

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3907: Yu Wang of Didi Research America

CVE-2020-3908: Yu Wang of Didi Research America

CVE-2020-3912: Yu Wang of Didi Research America

Bluetooth

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3892: Yu Wang of Didi Research America

CVE-2020-3893: Yu Wang of Didi Research America

CVE-2020-3905: Yu Wang of Didi Research America

Bluetooth

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab

IOHIDFamily

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-3919: an anonymous researcher

IOThunderboltFamily

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to gain elevated privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: An application may be able to read restricted memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-3914: pattern-f (@pattern_F_) of WaCai

libxml2

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: Multiple issues in libxml2

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2020-3909: LGTM.com

CVE-2020-3911: found by OSS-Fuzz

libxml2

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: Multiple issues in libxml2

Description: A buffer overflow was addressed with improved size validation.

CVE-2020-3910: LGTM.com

Mail

Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A remote attacker may be able to cause arbitrary javascript code execution

Description: An injection issue was addressed with improved validation.

CVE-2020-3884: Apple

TCC

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: A maliciously crafted application may be able to bypass code signing enforcement

Description: A logic issue was addressed with improved restrictions.

CVE-2020-3906: Patrick Wardle of Jamf

Mojave 2020-002 High Sierra 2020-002

MrMacintosh.com - MacOS Mojave Security Update 2020-002 (18G4032), High Sierra Security Update 2020-002 (17G12034) and Safari 13.1. Security Notes, Download Links & more!
The Security Update 2020-002 for Mojave and High Sierra is now available.

Security Updates for macOS 10.14 & 10.13 are now Available.

Today, Apple released macOS Mojave Security Update 2020-002 and High Sierra Security Update 2020-002. Below you will find Build Versions, Download Links, Update Sizes and previous Security Update Links. MacOS Sierra is no longer supported by Apple for Security Updates.

How do I keep track of all the macOS Build Versions?

I document all of the macOS Build Versions like the latest Mojave 2020-002 High Sierra 2020-002 along with most Apple Applications, XProtect, Gatekeeper and MRT updates in one database. You can check out the link below.

mrmacintosh.com/macos-system-status-version-info-for-macadmins/

MacOS Mojave Security Update 2020-002 (18G4032)

Information on the Security fixes included in the 2020-002 Mojave Security Update

MacOS High Sierra Security Update 2020-002 (17G12034)

Information on the Security fixes included in the 2020-002 High Sierra Security Update

Safari Update

Safari was updated to version 13.1

Download Size for High Sierra = 66.2mb

Downloads Size for Mojave = 70.5mb

T2 BridgeOS Update

Both the 2020-002 and 2020-002 Security Updates upgrade BridgeOS to version – 17.16.14263

Security Content for Safari 13.1

https://support.apple.com/en-us/HT211104

Previous Releases

Security Related Content for 2020-002

Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra

Released March 24, 2020

AppleGraphicsControl

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple memory corruption issues were addressed with improved state management.

CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team

Bluetooth

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3907: Yu Wang of Didi Research America

CVE-2020-3908: Yu Wang of Didi Research America

CVE-2020-3912: Yu Wang of Didi Research America

Bluetooth

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3892: Yu Wang of Didi Research America

CVE-2020-3893: Yu Wang of Didi Research America

CVE-2020-3905: Yu Wang of Didi Research America

Bluetooth

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2019-8853: Jianjun Dai of Qihoo 360 Alpha Lab

IOHIDFamily

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-3919: an anonymous researcher

IOThunderboltFamily

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6

Impact: An application may be able to gain elevated privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2020-3851: Xiaolong Bai and Min (Spark) Zheng of Alibaba Inc. and Luyi Xing of Indiana University Bloomington

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: An application may be able to read restricted memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-3914: pattern-f (@pattern_F_) of WaCai

libxml2

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: Multiple issues in libxml2

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2020-3909: LGTM.com

CVE-2020-3911: found by OSS-Fuzz

libxml2

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: Multiple issues in libxml2

Description: A buffer overflow was addressed with improved size validation.

CVE-2020-3910: LGTM.com

Mail

Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3

Impact: A remote attacker may be able to cause arbitrary javascript code execution

Description: An injection issue was addressed with improved validation.

CVE-2020-3884: Apple

TCC

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3

Impact: A maliciously crafted application may be able to bypass code signing enforcement

Description: A logic issue was addressed with improved restrictions.

CVE-2020-3906: Patrick Wardle of Jamf

Mojave 2020-002 High Sierra 2020-002

What’s New in the macOS Catalina 10.15.4 Update (19E266)?

MrMacintosh.com - Today Apple released the macOS Catalina 10.15.4 Update (19E266). What's New? 12 New Features, 7 Resolved Issues, 20 Security Fixes & 7 Enterprise Fixes!
The macOS Catalina 10.15.4 Update is now available.

macOS Catalina 10.15.4 Update (19E266) is now Available.

10.15.4 is Catalina’s forth update, which is sometimes called the “Spring Release Update” is live!  MacOS Catalina 10.15.4 is now available for download as a full installer.app, delta and combo update. Let’s take a look at the Catalina 10.15.4 Update (19E266) to see what’s new.

UPDATED: 03/26/20

10.15.4 Patch Notes Summary

  • 12 New Features
  • 7 Resolved Issues
  • 20 Security Fixes
  • 7 Enterprise Content Fixes

Apple’s Public Patch Notes / Release Notes Documentation

NOTE: Apple Documentation takes a bit to come online, I will update when the articles are posted.

developer.apple.com/documentation/macos_release_notes

developer.apple.com/documentation/macos_release_notes/macos_catalina_10_15_4_release_notes

For more detailed information about this update and previous updates, please visit: https://support.apple.com/kb/HT210642

Previous 10.15 Releases + Previous Patch Notes

Catalina 10.15.4 Info & Download Links

Delta Update

Link – https://support.apple.com/kb/DL2036

Size = 2.97gb

Product ID = 061-72538

Requirements = 10.15.3

Combo Update

Link – https://support.apple.com/kb/DL2037

Size = 4.68gb

Product ID = 061-72538

Requirements = 10.15.0, 10.15.1, 10.15.2 or 10.15.3

Full Installer.app

Link – Catalina 10.15.4 Mac App Store

Size = 8.73gb

Product ID = 041-40615

Requirements – 10.15 Catalina Requirements

T2 BridgeOS Update

T2 BridgeOS was updated along with the 10.15.4 update.

BridgeOS Update = 17.16.14263

Security Content for Safari 13.1

https://support.apple.com/en-us/HT211104

New Apple Support Documents

About legacy system extensions in macOS Catalina

Some system extensions will not be compatible with a future version of macOS.

https://support.apple.com/en-us/HT210999

Prepare your Apple devices for working remotely

IT leaders can set up devices for team members to work remotely or from home.

https://support.apple.com/en-us/HT211111

Share folders with iCloud Drive

With folder sharing in iCloud Drive, you can share entire folders of files with friends, family, or colleagues. Then, you can work together on your iPhone, iPad, iPod touch, Mac, or iCloud.com.

https://support.apple.com/en-us/HT210910

If you use smart card to log in to your Mac and reset your Active Directory password from another computer

If you reset your Active Directory password from another computer and use smart card and FileVault, learn how to log in to your Mac in macOS Catalina 10.15.4 or later.

https://support.apple.com/en-us/HT211079

If Boot Camp Assistant says that your disk could not be partitioned

Boot Camp Assistant might say that an error occurred while partitioning the disk for Windows.

https://support.apple.com/en-us/HT209102

UPDATED:

If your Mac starts up to an Apple logo or progress bar

Your Mac shows an Apple logo when it finds your local startup disk, then shows a progress bar as the macOS startup or installation process continues.

https://support.apple.com/en-us/HT207019

If your macOS and iOS clients aren’t getting Apple push notifications

Learn what to do if your macOS and iOS clients don’t see Apple push notifications when connected to a network.

https://support.apple.com/en-us/HT203609

Use Apple products on enterprise networks

Learn which hosts and ports are required to use your Apple products on enterprise networks.

https://support.apple.com/en-us/HT210060

Catalina 10.15.4 Update (19E266) Overview

macOS Catalina 10.15.4 introduces iCloud Drive folder sharing, Screen Time communication limits, Apple Music time-synced lyrics view, and more. The update also improves the stability, reliability, and security of your Mac. 

Finder

  • iCloud Drive folder sharing from Finder
  • Controls to limit access only to people you explicitly invite, or to grant access to anyone with the folder link
  • Permissions to choose who can make changes and upload files, and who can only view and download files

Screen Time

  • Communication limits for controlling who your children can communicate with and be contacted by throughout the day and during downtime
  • Playback control of music videos for your children

Music

  • Time-synced lyrics view for Apple Music, including the ability to jump to your favorite part of a song by clicking a line in lyrics view

Safari

  • Option to import Chrome passwords into your iCloud Keychain for easy AutoFill of your passwords in Safari and across all your devices
  • Controls for duplicating a tab and for closing all tabs to the right of the current tab
  • HDR playback support on compatible computers for Netflix content

App Store with Apple Arcade

  • Universal Purchase support enables the use of a singular purchase of a participating app across iPhone, iPod touch, iPad, Mac, and Apple TV

Pro Display XDR

  • Customized reference modes that you can tailor to specific workflow needs by selecting from several color gamut, white point, luminance, and transfer function options

Accessibility

  • Head pointer preference for moving a cursor on the screen based on the precise movements of your head

This update also includes bug fixes and other improvements:

  • High Dynamic Range output to HDR10-compatible third-party displays and TVs connected with DisplayPort or HDMI
  • OAuth authentication support with Outlook.com accounts for improved security
  • CalDav migration support when upgrading to iCloud reminders on a secondary device 
  • Addresses an issue where text copied between apps may appear invisible when Dark Mode is active
  • Resolves an issue in Safari where a CAPTCHA tile may display incorrectly 
  • Fixes an issue where you may receive notifications for updated or completed reminders
  • Fixes an issue with screen brightness for the LG UltraFine 5K display after waking from sleep

Enterprise content:

  • Apple Push Notification Service traffic now uses a web proxy when specified in a PAC file
  • Resolves an issue where updating the login keychain password after resetting a user password would cause a new keychain to be created
  • After enabling ”Search directory services for certificates” in Keychain Access preferences, searching by email address in Keychain Access or Mail now locates a user certificate stored in directory services
  • When setting the DisableFDEAutoLogin key in com.apple.loginwindow, you can now sync your FileVault password with the Active Directory user password after updating the user password
  • Reinstates the ability to update or restore iOS, iPadOS, or tvOS devices by dragging .ipsw files to the device in an Apple Configurator 2 window
  • Addresses an issue where sending the EraseDevice MDM command might not cause the device to be erased
  • When logging in as an Active Directory user after using deferred FileVault enablement, the user is now prompted for their password to enable FileVault

Some features may not be available for all regions, or on all Apple devices.

Security Content for 10.15.4

https://support.apple.com/en-us/HT211100

  • NOTE: Listed below are only security fixes for 10.15, fixes for 10.13 and 10.14 are listed in my 2020-002 security update article.

     

    Apple HSSPI Support

    Available for: macOS Catalina 10.15.3

    Impact: An application may be able to execute arbitrary code with system privileges

    Description: A memory corruption issue was addressed with improved memory handling.

    CVE-2020-3903: Proteas of Qihoo 360 Nirvan Team

    AppleGraphicsControl

    Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

    Impact: A malicious application may be able to execute arbitrary code with kernel privileges

    Description: Multiple memory corruption issues were addressed with improved state management.

    CVE-2020-3904: Proteas of Qihoo 360 Nirvan Team

    AppleMobileFileIntegrity

    Available for: macOS Catalina 10.15.3

    Impact: An application may be able to use arbitrary entitlements

    Description: This issue was addressed with improved checks.

    CVE-2020-3883: Linus Henze (pinauten.de)

    Bluetooth

    Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

    Impact: A local user may be able to cause unexpected system termination or read kernel memory

    Description: An out-of-bounds read was addressed with improved input validation.

    CVE-2020-3907: Yu Wang of Didi Research America

    CVE-2020-3908: Yu Wang of Didi Research America

    CVE-2020-3912: Yu Wang of Didi Research America

    Bluetooth

    Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.3

    Impact: A malicious application may be able to execute arbitrary code with kernel privileges

    Description: A memory corruption issue was addressed with improved input validation.

    CVE-2020-3892: Yu Wang of Didi Research America

    CVE-2020-3893: Yu Wang of Didi Research America

    CVE-2020-3905: Yu Wang of Didi Research America

    Call History

    Available for: macOS Catalina 10.15.3

    Impact: A malicious application may be able to access a user’s call history

    Description: This issue was addressed with a new entitlement.

    CVE-2020-9776: Benjamin Randazzo (@____benjamin)

    CoreFoundation

    Available for: macOS Catalina 10.15.3

    Impact: A malicious application may be able to elevate privileges

    Description: A permissions issue existed. This issue was addressed with improved permission validation.

    CVE-2020-3913: Timo Christ of Avira Operations GmbH & Co. KG

    FaceTime

    Available for: macOS Catalina 10.15.3

    Impact: A local user may be able to view sensitive user information

    Description: A logic issue was addressed with improved state management.

    CVE-2020-3881: Yuval Ron, Amichai Shulman and Eli Biham of Technion – Israel Institute of Technology

    Icons

    Available for: macOS Catalina 10.15.3

    Impact: A malicious application may be able to identify what other applications a user has installed

    Description: The issue was addressed with improved handling of icon caches.

    CVE-2020-9773: Chilik Tamir of Zimperium zLabs

    Intel Graphics Driver

    Available for: macOS Catalina 10.15.3

    Impact: A malicious application may disclose restricted memory

    Description: An information disclosure issue was addressed with improved state management.

    CVE-2019-14615: Wenjian HE of Hong Kong University of Science and Technology, Wei Zhang of Hong Kong University of Science and Technology, Sharad Sinha of Indian Institute of Technology Goa, and Sanjeev Das of University of North Carolina

    IOHIDFamily

    Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

    Impact: A malicious application may be able to execute arbitrary code with kernel privileges

    Description: A memory initialization issue was addressed with improved memory handling.

    CVE-2020-3919: an anonymous researcher

    Kernel

    Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

    Impact: An application may be able to read restricted memory

    Description: A memory initialization issue was addressed with improved memory handling.

    CVE-2020-3914: pattern-f (@pattern_F_) of WaCai

    Kernel

    Available for: macOS Catalina 10.15.3

    Impact: A malicious application may be able to execute arbitrary code with kernel privileges

    Description: Multiple memory corruption issues were addressed with improved state management.

    CVE-2020-9785: Proteas of Qihoo 360 Nirvan Team

    libxml2

    Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

    Impact: Multiple issues in libxml2

    Description: A buffer overflow was addressed with improved bounds checking.

    CVE-2020-3909: LGTM.com

    CVE-2020-3911: found by OSS-Fuzz

    libxml2

    Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.3

    Impact: Multiple issues in libxml2

    Description: A buffer overflow was addressed with improved size validation.

    CVE-2020-3910: LGTM.com

    Mail

    Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.3

    Impact: A remote attacker may be able to cause arbitrary javascript code execution

    Description: An injection issue was addressed with improved validation.

    CVE-2020-3884: Apple

    sudo

    Available for: macOS Catalina 10.15.3

    Impact: An attacker may be able to run commands as a non-existent user

    Description: This issue was addressed by updating to sudo version 1.8.31.

    CVE-2019-19232

    TCC

    Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.3

    Impact: A maliciously crafted application may be able to bypass code signing enforcement

    Description: A logic issue was addressed with improved restrictions.

    CVE-2020-3906: Patrick Wardle of Jamf

    Time Machine

    Available for: macOS Catalina 10.15.3

    Impact: A local user may be able to read arbitrary files

    Description: A logic issue was addressed with improved state management.

    CVE-2020-3889: Lasse Trolle Borup of Danish Cyber Defence

    Vim

    Available for: macOS Catalina 10.15.3

    Impact: Multiple issues in Vim

    Description: Multiple issues were addressed by updating to version 8.1.1850.

    CVE-2020-9769: Steve Hahn from LinkedIn

macOS Catalina 10.15.4 Update

10.15.3 Update Erases /var/log Files – System, Custom & Vendor Logs

MrMacintosh.com - The 10.15.3 Update Erases almost all of the log files in /var/log - System, Custom & Vendor Logs
The 10.15.3 Update Erases almost all of the log files in /var/log – System, Custom & Vendor Logs

The 10.15.3-10.15.6 Update Erases Almost all /var/log files

UPDATE: 09/01/20 – The problem is still in the latest build of 10.15.6.

Think about the last issue time that you had an issue and needed to troubleshoot. Right off the bat, you would start looking over the logs to pinpoint the exact point of failure. After installing the Catalina 10.15.3 Update, it’s going to be a little harder to do that. Almost all the /var/log files have been erased and start over the minute after the 10.15.3 update finished installing.

10.15.3 Update Problems

This is my 4th article on 10.15.3 Combo Update issues. If you have not seen them yet, you can view them below.

Howard Oakley over at eclecticlight.co has also been tracking multiple issues. He is focused on new 10.15.3 Time Machine Problems.

Let’s take a closer look.

What the heck is going on here? Why would Apple delete important logs? This issue is most likely a bug in the combo update installer.

The test setup is pretty straight forward.

  • Build out a fresh 10.15.2 system
  • Verify system log creation times
  • Create a custom .log file
  • Verify 3rd Party Vendor Log times
  • Update to 10.15.3
  • Find that almost all /var/log files are erased.

Which log files are erased and which ones are spared?

Erased Log Files in /var/log

  • System.log
  • WiFi.log
  • Jamf.log
  • Alf.log
  • fsck_apfs.log
  • fsck_apfs_error.log
  • Applefirewall.log
  • Cups, Bluetooth, Powermanagement & Display Policy logs

Spared Log files in /var/log

  • Install.log
  • .gz and .bz System and wifi zipped backup files

All log files have the exact “Created” date and time when the 10.15.3 combo update was installing.

MrMacintosh.com - Almost all /var/log files erased and have the same "Created time". The install.log was spared.
Almost all /var/log files erased and have the same “Created time”. The install.log was spared.

What can I do about this?

Let Apple know about this! Hopefully this can be fixed in 10.15.4!

Until then you probably want your log files. The best thing you can do for now is to run a Jamf policy that will backup your /var/log files. We install our updates with a Jamf policy.

Right before we kick off softareupdate -iaR we backup all /var/log files to a temporary directory. We put them back with a LaunchDaemon that kicks off after the combo update reboot.

I hope that these articles have helped you! If you have any questions, leave a comment below or Contact Me.

10.15.3 Combo & Security Updates are not Creating Backup Snapshots

MrMacintosh.com - 10.15.3 Combo & Security Updates no Longer Creating Restore Snapshots + 10.15.3 Update Deletes All Previous tmutil localsnapshots
10.15.3 Combo & Security Updates are no Longer Creating Restore Snapshots + 10.15.3 Update Deletes All Previous tmutil localsnapshots /

The 10.15.3 Combo & Security Update Automatic Backup Snapshots are no Longer Created.

UPDATE: 5/15/20 – A few questions came up on MacAdmins Slack about the current state of Automatic Snapshots today. To clarify, the following is now true.

  • Automatic Update Snapshots are no longer automatically created during the 10.15.3+ Combo but ARE for 10.14 & 10.13 Security Updates
  • The 10.15.3+ Combo Update REMOVES previous manual localsnapshots.
  • 10.14 & 10.13 Security Updates do NOT remove previous manual snapshots.
  • Automatic Snapshots were never taken during an OS Upgrade.

UPDATE: 4/24/20 – Apple has removed the “Restore from snapshot” feature description from apple.com/macos/catalina/features! This means that the feature is no longer available in Catalina. I really hope Apple can fix this.

The APFS Update Automatic Snapshot was a new option offered when Apple released APFS in macOS 10.13 High Sierra. If you were worried about something going wrong after installing a macOS Combo or Security update, you could always fall back to a backup taken right before the update. The process was automatic and was performed by the Combo Update and Security Update Installer. To restore, all you needed to do is, boot to the recovery partition and restore to a tmutil localsnapshot / right before the update.

NOTE: you only have 24 hours to restore or the snapshot is automatically deleted.

Apple explains how this works below.

Automatic Update Backup Snapshots are no Longer Working.

Something happened in the latest set of Apple updates released on January 28th. The Automatic Backup Snapshots are no longer working!!! At first, I thought it only happened on the 10.15.3 Combo update. I then checked the 2020-001 Security Update on High Sierra and it’s not working either!

I found this out while I was writing another article on Catalina Logs. I built a 10.15.2 device and updated it to 10.15.3. I booted to recovery to restore the from the automatic snapshot only to find that it was missing!

Manual tmutil localsnapshots are deleted during the 10.15.3 Update installation!

Ok, what would happen if I created a manual snapshot before the update? If the automatic snapshot is not working, I could get by with just creating one right before I install the 10.15.3 combo update.

MrMacintosh.com - Manual tmutil localsnapshot / created before the 10.15.3 combo update.
Manual tmutil localsnapshot / created before the 10.15.3 combo update.

After installing the 10.15.3 Combo Update, I booted back into Recovery only to find that the manual tmutil localsnapshot / that I created was gone!!!

What should happen after the update.

Below is what you should see if you booted to recovery after a combo or security update. The below example is a backup snapshot taken by the 10.14.2 Combo Update.

MrMacintosh.com - automatic update backup localsnapshot
This is what you should see if you booted to recovery after a combo or security update. (within 24 hours after the update install)

Let’s take a look at the logs

What do the logs say? Well first I would like to see what a successful snapshot says. Searching the install.log, I found exactly what I was looking for.

MrMacintosh.com - 10.14 Automatic Snapshot.
That is just what I’m looking for. The automatic snapshot was taken right before the installation.

Let’s take a closer look to see what’s happening during the 10.15.3 combo update install. Looking at the install.log again, I found this entry.

MrMacintosh.com - 10.15.3 purges localsnapshots
The 10.15.3 Combo Update purging snapshots.

There it is, the Installer is purging available snapshots on /Volumes/Macintosh HD. The 10.15.3 install.log does not contain any of the log items like the one from 10.14.

The good news is that the (2020-001) 10.14 and 10.13 Security Update installers do NOT purge your manual tmutil localsnapshots.

What’s going on, is this a bug?

I am not totally sure what’s going on here, if I had to guess this a bug. I wanted to let you know about this. The last thing you want to do is rely on that automatic backup snapshot only to find out it was never created.

Either way, please let Apple know about this!

If you have any questions or comments please Contact Me or leave a note below. Thanks!

Catalina 10.15.3 Update Reverts Custom pam.d & sshd_config Settings

MrMacintosh.com - If you set custom /etc/pam.d or sshd_config settings be sure to re apply the after the 10.15.3 update!
If you set custom /etc/pam.d or sshd_config settings be sure to re apply the after the 10.15.3 update!

If you use custom pam.d or sshd_config settings, you will need to apply them again after the 10.15.3 Update.

Apple allows us to set multiple custom settings using pam.d configuration files. We can use pam.d configuration files to set different options for, sudo, login, su, screensaver& Smart Card.

If you are looking for a good explanation on what pam.d files are, check out this link. https://www.linux.com/news/understanding-pam/

Custom /etc/pam.d Configuration Settings

The following is a few examples of what you would set in the pam.d configuration files.

  • /etc/pam.d/screensaver = Set the screensaver window to allow the local admin to get past the Mobile Account password lock.
  • /etc/pam.d/sudo = Enable smart card-only for the sudo command.
  • /etc/pam.d/sudo = Enable Touch ID for the SUDO command
  • /etc/pam.d/su = Enable smart card-only for the SU command
  • /etc/pam.d/login = Enable smart card-only for the LOGIN command

Custom /etc/ssh/sshd_config Settings

The same goes for the the /etc/ssh/sshd_config file. This file can be used to set custom ssh settings.

  • Set SSH Banner File (so ssh users see a banner warning message)
  • SSH HostKey Settings
  • SSH Logging
  • SSH Authentication
  • Kerberos Options
  • PAM Authentication

In comes the Catalina 10.15.3 Update, only to revert everything!

I started noticing reports of pam.d and sshd_config settings getting reverted back about a day after the 10.15.3 update went live.

For those who’ve modified /etc/pam.d/sudo to enable Touch ID for sudo auth, looks like 10.15.3 reverted this to stock.

MacAdmins user markcohen – 01/30/20

Other MacAdmins started to check and confirm that the same thing. Some of the specific settings revolved around Smart Card controls. Apple explains the Smart Card settings in the document below.

https://support.apple.com/en-us/HT208372

Allen Golbig then noted that the same thing happened to the /etc/ssh/sshd_configfile!

Is it normal for /etc/ssh/sshd_config to revert during point updates?

MacAdmins user golby – 01/31/20

The test and verification

When reporting issues like this, it’s important to verify the problem as much as possible. For this test, I built out a fresh copy of 10.15.2. I then edited the following files.

  • /etc/pam.d/su
  • /etc/pam.d/sudo
  • /etc/pam.d/login
  • /etc/pam.d/screensaver
  • /etc/ssh/sshd_config

I modified the files using pico and set some of the Apple recommended settings. I noted the modification date of all the files and tested to make sure the modifications worked.

I then used softwareudpate to install the 10.15.3 update.

Results

Sure enough, after the 10.15.3 update was finished, I checked the files and all 5 of them were reset back to the original modification date of

Nov 9 2019 at 4:xx AM

This problem may not be “New”

I noted in my previous article that some of the pam.d files were reverted back to stock on twitter. A few users noted that this issue is not new and has happened in previous updates. I can’t verify if this is true right now but would like to hear from you if noticed this.

I hope Apple will fix the update process so it will not revert our custom settings.

If you have noticed other custom settings that were reverted by the latest Catalina update, let me know below!

Catalina 10.15.3 Update Breaks AD Domain Users Admin & sudo Access

MrMacintosh.com - 10.15.3 Update Breaks Active Directory Domain Users Admin and sudo Access.
10.15.3 Update Breaks Active Directory Domain Users Admin and sudo Access.

The Catalina 10.15.3 Update Breaks Active Directory Domain Users Admin and sudo Access.

The macOS Catalina 10.15.3 Update is only about two days old and is already receiving mixed reviews.

The GOOD:

The BAD:

Have you noticed anything new that is fixed or broken in the new update? Let me know!

Active Directory Domain Admin Access Removed!

This issue was first reported in the MacAdmins Slack a few hours after the 10.15.3 update was release.

I just installed the 10.15.3 update and now I can’t admin elevate using an AD domain account. This was working this morning pre-update and nothing has changed on the AD domain.

The domain account is in a security group that is set in Directory Utility > Active Directory as allowing administration. I can authenticate with the account successfully in Terminal using su, it’s just the admin rights that are broken.

MacAdmin User aaron

A few other users started to report the same issue after Aaron did.

Let’s Examine the issue.

The issue will most likely be reported by a user who says this…

I updated to 10.15.3 and when I use sudo I get this error.

User is not in the sudoers file. This incident will be reported.

Reported to who? Am I in trouble now???

User

Let’s check to see if Active Directory Group “Domain Admins” has admin access on your Mac.

/usr/sbin/dsconfigad -show

This command will give you a list of all your Active Directory Settings.

The screenshot below is what you will see AFTER the 10.15.3 Update.

MrMacintosh.com - 10.15.3 Active Directory Domain Admins sudo problem.
The Domain Users group group was removed and is now “not set”

This is what you SHOULD see.

MrMacintosh.com - 10.15.3 Active Directory Domain Admins sudo problem.
This is what you SHOULD see, Allowed admin groups = domain admins.

Quick and easy command to show just the Allowed admin groups value.

/usr/sbin/dsconfigad -show | /usr/bin/awk -F= '/Allowed admin groups/ { print $2 }' | /usr/bin/awk '{$1=$1};1'

HT goes out to Eric Holtam (@eholtam) for the command!

You could still have the issue even if “Allowed admin groups” shows domain admins.

In one of my tests to confirm this issue after the 10.15.3 update finished, I still had the domain admins group but my admin access did not work.

Do you use a custom Active Directory Admin Global Group ?

What if you use a custom AD group like “Pretendo_Admins” ?

You can have the same issue.

I did not have this issue after updating

Did you use a profile to bind? This is one example that I was unable to test.

Was the Mac connected to your directory for a few hours -1 day ? See Fix #3 below, it’s possible that the AD connector refreshed your information.

How can I fix this Problem?

The issue can be fixed in 3 ways.

  • Re-Bind to Active Directory
  • Run dsconfigad to set the group access again
  • WAIT – It was reported that the issue is fixed automatically after the Mac is left online for a certain amount of time. The configuration is refreshed. – Thanks to MacAdmins user awickert for testing this out.

To reset the domain group setting run this command.

dsconfigad -groups "DOMAIN\domain admins"

NOTE: If you use a custom AD Global group for admin adccess you need to replace domain admins with your custom group.

dsconfigad -groups "DOMAIN\Pretendo_Admins"

You can now run dsconfgad -show then check the Allowed admin groups and it should say = domain admins or your custom group.

You can also run this command to double verify the user now has admin access. (Thank you to a well known MacAdmins wizard for this command)

dsmemberutil checkmembership -U USERNAMEHERE -G admin

If the command worked you will see

user is a member of the group

If not, you will see

user is not a member of the group

MacOS Security Updates – Mojave 2020-001 & High Sierra 2020-001

MrMacintosh.com - MacOS Security Updates - Mojave 2020-001, High Sierra 2020-001 & Safari 13.0.5
MacOS Security Updates – Mojave 2020-001, High Sierra 2020-001 & Safari 13.0.5

On January 28th, Apple released macOS Mojave Security Update 2020-001 and High Sierra Security Update 2020-001. Below you will find Build Versions, Download Links, Update Sizes and previous Security Update Links. MacOS Sierra is no longer supported.

How do I keep track of all the macOS Build Versions?

I document all of the macOS Build Versions like the latest Mojave 2020-001 High Sierra 2020-001 along with most Apple Applications, XProtect, Gatekeeper and MRT updates in one database. You can check out the link below.

mrmacintosh.com/macos-system-status-version-info-for-macadmins/

MacOS Mojave Security Update 2020-001 (18G3020)

Information on the Security fixes included in the 2020-001 Mojave Security Update

HT goes out to Dan Kuehling, for the Mojave Security Update Build Version! HT goes out to Nicolas Aragone, Ian Trimnell & Joost-Wim for sending over the Security Update Download Links!

MacOS High Sierra Security Update 2020-001 (17G11023)

Information on the Security fixes included in the 2020-001 High Sierra Security Update

Safari Update

Safari was updated to version 13.0.5

Download Size for High Sierra = 67.9

Downloads Size for Mojave = 68.9

T2 BridgeOS Update

Both the 2020-001 and 2020-001 Security Updates upgrade BridgeOS to version – 17.16.13050

Previous Releases

Security Related Content for 2020-001

  • 19 – Security Content Related Fixes for 10.14 and 10.13

apache_mod_php

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Multiple issues in PHP

Description: Multiple issues were addressed by updating to PHP version 7.3.11.

CVE-2019-11043

CoreBluetooth

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3848: Jianjun Dai of Qihoo 360 Alpha Lab

CVE-2020-3849: Jianjun Dai of Qihoo 360 Alpha Lab

CVE-2020-3850: Jianjun Dai of Qihoo 360 Alpha Lab

CoreBluetooth

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3847: Jianjun Dai of Qihoo 360 Alpha Lab

Crash Reporter

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to access restricted files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2020-3835: Csaba Fitzl (@theevilbit)

Image Processing

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3827: Samuel Groß of Google Project Zero

ImageIO

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3826: Samuel Groß of Google Project Zero

CVE-2020-3870

CVE-2020-3878: Samuel Groß of Google Project Zero

Intel Graphics Driver

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3845: Zhuo Liang of Qihoo 360 Vulcan Team

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-3875: Brandon Azad of Google Project Zero

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A type confusion issue was addressed with improved memory handling.

CVE-2020-3853: Brandon Azad of Google Project Zero

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to determine kernel memory layout

Description: An access issue was addressed with improved memory management.

CVE-2020-3836: Brandon Azad of Google Project Zero

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3842: Ned Williamson working with Google Project Zero

CVE-2020-3871: Corellium

libxml2

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow was addressed with improved size validation.

CVE-2020-3846: Ranier Vilela

libxpc

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Processing a maliciously crafted string may lead to heap corruption

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3856: Ian Beer of Google Project Zero

libxpc

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-3829: Ian Beer of Google Project Zero

PackageKit

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to overwrite arbitrary files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2020-3830: Csaba Fitzl (@theevilbit)

sudo

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Certain configurations may allow a local attacker to execute arbitrary code

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2019-18634: Apple

System

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: A malicious application may be able to overwrite arbitrary files

Description: An access issue was addressed with improved access restrictions.

CVE-2020-3855: Csaba Fitzl (@theevilbit)

Wi-Fi

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3843: Ian Beer of Google Project Zero

wifivelocityd

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with system privileges

Description: The issue was addressed with improved permissions logic.

CVE-2020-3838: Dayton Pidhirney (@_watbulb)

Mojave 2020-001 High Sierra 2020-001

What’s New in the macOS Catalina 10.15.3 Update (19D76)?

MrMacintosh.com - macOS Catalina 10.15.3 Update (19D76) is now Available
macOS Catalina 10.15.3 Update (19D76) is now Available

macOS Catalina 10.15.3 Update (19D76) is now Available.

10.15.3 is Catalina’s third update and was released about a month and a half after the 10.15.2 Update. MacOS Catalina 10.15.3 is now available for download as a full installer.app, delta and combo update. Let’s take a look at the Catalina 10.15.3 Update (19D76) to see what’s new.

10.15.3 Patch Notes Summary

  • 1 Known Issue
  • 1 Undocumented Fix
  • 2 Resolved Issues
  • EDIT: 23 Security Fixes

Apple’s Public Patch Notes / Release Notes Documentation

developer.apple.com/documentation/macos_release_notes

developer.apple.com/documentation/macos_release_notes/macos_catalina_10_15_3_release_notes

For more detailed information about this update and previous updates, please visit: https://support.apple.com/kb/HT210642

Previous 10.15 Releases + Previous Patch Notes

Catalina 10.15.3 Info & Download Links

Delta Update

Link https://support.apple.com/kb/DL2029

Size = 2.99gb

Product ID = 061-62842

Requirements = 10.15.2

Combo Update

Link –https://support.apple.com/kb/DL2030

Size = 4.59gb

Product ID = 061-62853

Requirements = 10.15.0, 10.15.1 or 10.15.2

HT to Howard Oakley for the download links!!

https://eclecticlight.co/2020/01/28/apple-has-released-macos-catalina-10-15-3-and-security-updates-for-mojave-and-high-sierra/

Full Installer.app

Link – Catalina 10.15.3 Mac App Store

Size = 8.67gb

Product ID = 061-44387

Requirements – 10.15 Catalina Requirements

T2 BridgeOS Update

T2 BridgeOS was updated along with the 10.15.3 update.

BridgeOS Update = 17.16.13050

Catalina 10.15.3 Update (19D76) Overview

The macOS Catalina 10.15.3 update improves the stability, reliability and security of your Mac, and is recommended for all users.
This update: 

  • Optimizes gamma handling of low gray levels on Pro Display XDR for SDR workflows when using macOS
  • Improves multi-stream video editing performance for HEVC and H.264 encoded 4K video on the 16-inch MacBook Pro (2019)

Undocumented Fix – Mail.app Data loss bug is reportedly fixed.

https://mjtsai.com/blog/2019/10/11/mail-data-loss-in-macos-10-15/

Security Content for 10.15.3

https://support.apple.com/en-us/HT210919

  • EDIT: removed 4 10.14 and 10.13 only fixes = 23 Security Content Related Fixes

AnnotationKit

Available for: macOS Catalina 10.15.2

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3877: an anonymous researcher working with Trend Micro’s Zero Day Initiative

apache_mod_php

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Multiple issues in PHP

Description: Multiple issues were addressed by updating to PHP version 7.3.11.

CVE-2019-11043

Audio

Available for: macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team

autofs

Available for: macOS Catalina 10.15.2

Impact: Searching for and opening a file from an attacker controlled NFS mount may bypass Gatekeeper

Description: This was addressed with additional checks by Gatekeeper on files mounted through a network share.

CVE-2020-3866: Jose Castro Almeida (@HackerOn2Wheels) and René Kroka (@rene_kroka)

Crash Reporter

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to access restricted files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2020-3835: Csaba Fitzl (@theevilbit)

Image Processing

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3827: Samuel Groß of Google Project Zero

ImageIO

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3826: Samuel Groß of Google Project Zero

CVE-2020-3870

CVE-2020-3878: Samuel Groß of Google Project Zero

Intel Graphics Driver

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3845: Zhuo Liang of Qihoo 360 Vulcan Team

IOAcceleratorFamily

Available for: macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3837: Brandon Azad of Google Project Zero

IPSec

Available for: macOS Catalina 10.15.2

Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution

Description: An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking.

CVE-2020-3840: @littlelailo

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-3875: Brandon Azad of Google Project Zero

Kernel

Available for: macOS Catalina 10.15.2

Impact: An application may be able to read restricted memory

Description: A memory initialization issue was addressed with improved memory handling.

CVE-2020-3872: Haakon Garseg Mørk of Cognite and Cim Stordal of Cognite

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A type confusion issue was addressed with improved memory handling.

CVE-2020-3853: Brandon Azad of Google Project Zero

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to determine kernel memory layout

Description: An access issue was addressed with improved memory management.

CVE-2020-3836: Brandon Azad of Google Project Zero

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3842: Ned Williamson working with Google Project Zero

CVE-2020-3871: Corellium

libxpc

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Processing a maliciously crafted string may lead to heap corruption

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3856: Ian Beer of Google Project Zero

libxpc

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-3829: Ian Beer of Google Project Zero

PackageKit

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to overwrite arbitrary files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2020-3830: Csaba Fitzl (@theevilbit)

Security

Available for: macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3854: Jakob Rieck (@0xdead10cc) and Maximilian Blochberger of the Security in Distributed Systems Group of University of Hamburg

sudo

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Certain configurations may allow a local attacker to execute arbitrary code

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2019-18634: Apple

Wi-Fi

Available for: macOS Catalina 10.15.2

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-3839: s0ngsari of Theori and Lee of Seoul National University working with Trend Micro’s Zero Day Initiative

Wi-Fi

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3843: Ian Beer of Google Project Zero

wifivelocityd

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with system privileges

Description: The issue was addressed with improved permissions logic.

CVE-2020-3838: Dayton Pidhirney (@_watbulb)

Mastodon