June 2 update, post originally published June 1.
Last week saw Apple release MacOS Catalina version 10.15.5, a surprising move so close to the Virtual WWDC later this month and the expected announcement of MacOS 10.16. Nevertheless, Tim Cook and his team pushed out the update with a number of security fixes and the addition of the battery health software.
The surprises keep on coming, with a ‘supplemental release’ today of 10.15.5 with ‘important security updates’.
Update June 2: It looks like Apple is far from done with MacOS Catalina. Not only has this week seen the supplementary update to the desk-bound operating system, but the MacOS development team have released a beta version of MacOS 10.15.6 to developers and those signed up to the beta program.
At the moment Apple’s release notes echo the now familiar ‘bug fixes and improvements’ in the package. No doubt there are other changes in the code, and a closer examination will reveal Apple’s next steps with the platform.
With Apple’s virtual WWDC coming up on the horizon, we may hear more on the new features by the end of the month. Or it could be more preparatory work that will allow MacOS to run on the current Intel processors and the upcoming inclusion of ARM processors on the Mac platform.
Apple’s support pages offer more details on the changes, which have been made to the kernel:
- Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.5
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory consumption issue was addressed with improved memory handling.
- CVE-2020-9859: unc0ver
The nature of the changes and the inclusion of MacOS High Sierra suggest that either something has slipped through the quality control net, or a serious exploit has come to Apple’s attention in the last few days.
Speculation will no doubt fall on the ‘Sign In With Apple’ flaw, which saw Apple pay a $100,000 bounty. Forbes’ Davey Winder:
“With the vulnerability already now patched by Apple on the server-side, Bhavuk Jain published his disclosure of the security shocker on May 30. Although the vulnerability related only to third-party apps which used Sign in with Apple without taking any further security measures, it’s shocking for two reasons.”
Those reasons being the breadth of the attack and what it could open up to a hacker, and Apple’s inability to catch this flaw during testing.