Monday, June 1, 2020

macOS 10.15.5 Supplemental Update

Juli Clover (also: Mr. Macintosh, Hacker News):

According to the security notes for the update, it addresses a security flaw that could allow an application to execute arbitrary code with kernel privileges.

This is the same vulnerability that has been addressed in today’s iOS 13.5.1, tvOS 13.4.6, and watchOS 6.2.6 updates, and it allowed for the unc0ver jailbreak that allegedly works on all versions of iOS, including iOS 13.5.

It’s also patched for macOS 10.13 but not for 10.14, which supports the theory that this was an old bug that got fixed in iOS 12 and macOS 10.14 and then came back.

Luca Moro (via Jeff Johnson):

During late 2018, we published the details about a XNU kernel vulnerability that we dubbed lightspeed. This vulnerability started as a racy UaF in the syscall lio_listio that allows the liberation of a kernel object twice. You can read all the details about it in our post.

This vulnerability was patched early in iOS 12 and 11.4.1 was the last vulnerable iOS version.


In the blogpost we explained that, while the issue was fixed, a memory leak was introduced, and it was now possible to force the kernel to panic.

The APFS bug from macOS 10.15.5 does not seem to be fixed, but Carbon Copy Cloner has found a workaround.


Comments RSS · Twitter

Leave a Comment