MacOS Security Updates – Mojave 2020-001 & High Sierra 2020-001


On January 28th, Apple released macOS Mojave Security Update 2020-001 and High Sierra Security Update 2020-001. Below you will find Build Versions, Download Links, Update Sizes and previous Security Update Links. MacOS Sierra is no longer supported.

How do I keep track of all the macOS Build Versions?

I document all of the macOS Build Versions, such as the latest Mojave 2020-001 and High Sierra 2020-001, along with most Apple Applications, XProtect, Gatekeeper and MRT updates in one database. You can check out the link below.

mrmacintosh.com/macos-system-status-version-info-for-macadmins/

MacOS Mojave Security Update 2020-001 (18G3020)

Information on the Security fixes included in the 2020-001 Mojave Security Update

HT goes out to Dan Kuehling for the Mojave Security Update Build Version! HT goes out to Nicolas Aragone, Ian Trimnell & Joost-Wim for sending over the Security Update Download Links!

MacOS High Sierra Security Update 2020-001 (17G11023)

Information on the Security fixes included in the 2020-001 High Sierra Security Update

Safari Update

Safari was updated to version 13.0.5

Download Size for High Sierra = 67.9

Download Size for Mojave = 68.9

T2 BridgeOS Update

Both the Mojave 2020-001 and High Sierra 2020-001 Security Updates upgrade BridgeOS to version 17.16.13050.

Previous Releases

Security Related Content for 2020-001

  • 19 – Security Content Related Fixes for 10.14 and 10.13

apache_mod_php

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Multiple issues in PHP

Description: Multiple issues were addressed by updating to PHP version 7.3.11.

CVE-2019-11043

CoreBluetooth

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3848: Jianjun Dai of Qihoo 360 Alpha Lab

CVE-2020-3849: Jianjun Dai of Qihoo 360 Alpha Lab

CVE-2020-3850: Jianjun Dai of Qihoo 360 Alpha Lab

CoreBluetooth

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3847: Jianjun Dai of Qihoo 360 Alpha Lab

Crash Reporter

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to access restricted files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2020-3835: Csaba Fitzl (@theevilbit)

Image Processing

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3827: Samuel Groß of Google Project Zero

ImageIO

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-3826: Samuel Groß of Google Project Zero

CVE-2020-3870

CVE-2020-3878: Samuel Groß of Google Project Zero

Intel Graphics Driver

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with system privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3845: Zhuo Liang of Qihoo 360 Vulcan Team

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2020-3875: Brandon Azad of Google Project Zero

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to execute arbitrary code with system privileges

Description: A type confusion issue was addressed with improved memory handling.

CVE-2020-3853: Brandon Azad of Google Project Zero

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to determine kernel memory layout

Description: An access issue was addressed with improved memory management.

CVE-2020-3836: Brandon Azad of Google Project Zero

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2020-3842: Ned Williamson working with Google Project Zero

CVE-2020-3871: Corellium

libxml2

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow was addressed with improved size validation.

CVE-2020-3846: Ranier Vilela

libxpc

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Processing a maliciously crafted string may lead to heap corruption

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3856: Ian Beer of Google Project Zero

libxpc

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to gain elevated privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-3829: Ian Beer of Google Project Zero

PackageKit

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A malicious application may be able to overwrite arbitrary files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2020-3830: Csaba Fitzl (@theevilbit)

sudo

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: Certain configurations may allow a local attacker to execute arbitrary code

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2019-18634: Apple

System

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6

Impact: A malicious application may be able to overwrite arbitrary files

Description: An access issue was addressed with improved access restrictions.

CVE-2020-3855: Csaba Fitzl (@theevilbit)

Wi-Fi

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A memory corruption issue was addressed with improved input validation.

CVE-2020-3843: Ian Beer of Google Project Zero

wifivelocityd

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2

Impact: An application may be able to execute arbitrary code with system privileges

Description: The issue was addressed with improved permissions logic.

CVE-2020-3838: Dayton Pidhirney (@_watbulb)
