{"id":33609,"date":"2021-09-13T16:14:25","date_gmt":"2021-09-13T20:14:25","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=33609"},"modified":"2022-11-10T12:25:17","modified_gmt":"2022-11-10T17:25:17","slug":"macos-11-6","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/09\/13\/macos-11-6\/","title":{"rendered":"macOS 11.6"},"content":{"rendered":"

Juli Clover<\/a>:<\/p>\n

According to Apple’s release notes, macOS Big Sur improves the security of macOS and is recommended for all users. Apple has also released security update 2021-005 for macOS Catalina, and both updates address an issue that could allow a maliciously crafted PDF to execute code. Apple says that it is aware of a report that this bug may have been actively exploited.<\/p><\/blockquote>\n

It’s unclear why this update isn’t numbered 11.5.3. It was also weird in that the Update Now button was disabled for me in Software Update even though the text said that the update was available. I had to click the text to see the sheet with the list of updates and then click the checkbox next to it before macOS would start downloading the update.<\/p>\n\n

Apple<\/a>:<\/p>\n

\n

This document describes the security content of macOS Big Sur 11.6.<\/p>\n<\/blockquote>\n\n

Howard Oakley<\/a>:<\/p>\n

Congratulations to Mikey @0xmachos, who has worked out that the PDF vulnerability is most probably the same as the Megalodon\/FORCEDENTRY iMessage zero click exploit, involving a bug in CoreGraphics decoding JBIG2-encoded data in a PDF file.<\/p><\/blockquote>\n\n

See also: Mr. Macintosh<\/a> (tweet<\/a>).<\/p>\n\n

Previously:<\/p>\n