Hardware Security. Secure software requires a foundation of security built into hardware. Download Apple Security Update Server for Mac - An easy to install software package that enables you to quickly deploy the latest security fixes made available by apple for the Mac OS X servers.
Apple Security Update 2020-003 - For macOS High Sierra. Download the latest versions of the best Mac apps at safe and trusted MacUpdate. For information about earlier security updates, see these documents: Apple security updates (2015) Apple security updates (2014) Apple security updates (2013) Apple security updates (2011 to 2012) Apple security updates (2010) Apple security updates (15 Jan 2008 to 03 Dec 2009) Apple security updates (25 Jan 2005 to 21 Dec 2007). Apple Maps editors have worked with trusted brands and partners to offer Guides for great places around the world to eat, shop, and explore. 3 You can save Guides, and they automatically update.
Security Update 2017-006 is recommended for all users and improves the security of OS X.
This update includes the following improvements:
afclip
- Available for: macOS Sierra 10.12.5
- Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
- Description: A memory corruption issue was addressed through improved input validation.
- CVE-2017-7016: riusksk (泉哥) of Tencent Security Platform Department
afclip
Available for: macOS Sierra 10.12.5
- Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7033: riusksk (泉哥) of Tencent Security Platform Department
AppleGraphicsPowerManagement
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7021: sss and Axis of Qihoo 360 Nirvan Team
Audio
- Available for: macOS Sierra 10.12.5
- Impact: Processing a maliciously crafted audio file may disclose restricted memory
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7015: riusksk (泉哥) of Tencent Security Platform Department
Bluetooth
- Available for: macOS Sierra 10.12.5
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7050: Min (Spark) Zheng of Alibaba Inc.
- CVE-2017-7051: Alex Plaskett of MWR InfoSecurity
Bluetooth
- Available for: macOS Sierra 10.12.5
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7054: Alex Plaskett of MWR InfoSecurity, Lufeng Li of Qihoo 360 Vulcan Team
Contacts
- Available for: macOS Sierra 10.12.5
- Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
- Description: A buffer overflow issue was addressed through improved memory handling.
- CVE-2017-7062: Shashank (@cyberboyIndia)
CoreAudio Macbook scanner software.
- Available for: macOS Sierra 10.12.5
- Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution
- Description: A memory corruption issue was addressed with improved bounds checking.
- CVE-2017-7008: Yangkang (@dnpushme) of Qihoo 360 Qex Team
curl
- Available for: macOS Sierra 10.12.5
- Impact: Multiple issues in curl
- Description: Multiple issues were addressed by updating to version 7.54.0.
- CVE-2016-9586
- CVE-2016-9594
- CVE-2017-2629
- CVE-2017-7468
Foundation
Apple Security Update Downloads
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: Processing a maliciously crafted file may lead to arbitrary code execution
- Description: A memory corruption issue was addressed through improved input validation.
- CVE-2017-7031: HappilyCoded (ant4g0nist and r3dsm0k3)
Intel Graphics Driver
- Available for: macOS Sierra 10.12.5
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7014: Lee of Minionz, Axis and sss of Qihoo 360 Nirvan Team
- CVE-2017-7017: chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)
- CVE-2017-7035: shrek_wzw of Qihoo 360 Nirvan Team
- CVE-2017-7044: shrek_wzw of Qihoo 360 Nirvan Team
Intel Graphics Driver
- Available for: macOS Sierra 10.12.5
- Impact: An application may be able to read restricted memory
- Description: A validation issue was addressed with improved input sanitization.
- CVE-2017-7036: shrek_wzw of Qihoo 360 Nirvan Team
- CVE-2017-7045: shrek_wzw of Qihoo 360 Nirvan Team
IOUSBFamily
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team
Kernel
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7022: an anonymous researcher
- CVE-2017-7024: an anonymous researcher
Kernel
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7023: an anonymous researcher
Kernel
- Available for: macOS Sierra 10.12.5
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7025: an anonymous researcher
- CVE-2017-7027: an anonymous researcher
- CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team
Kernel
- Available for: macOS Sierra 10.12.5
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7026: an anonymous researcher
Kernel
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: An application may be able to read restricted memory
- Description: A validation issue was addressed with improved input sanitization.
- CVE-2017-7028: an anonymous researcher
- CVE-2017-7029: an anonymous researcher
Kernel
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: An application may be able to read restricted memory
- Description: A validation issue was addressed with improved input sanitization.
- CVE-2017-7067: shrek_wzw of Qihoo 360 Nirvan Team
kext tools
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7032: Axis and sss of Qihoo 360 Nirvan Team
libarchive
- Available for: macOS Sierra 10.12.5
- Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
- Description: A buffer overflow was addressed through improved bounds checking.
- CVE-2017-7068: found by OSS-Fuzz
libxml2
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
- Description: An out-of-bounds read was addressed through improved bounds checking.
- CVE-2017-7010: Apple
- CVE-2017-7013: found by OSS-Fuzz
libxpc
- Available for: macOS Sierra 10.12.5
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7026: an anonymous researcher
Kernel
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: An application may be able to read restricted memory
- Description: A validation issue was addressed with improved input sanitization.
- CVE-2017-7028: an anonymous researcher
- CVE-2017-7029: an anonymous researcher
Kernel
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: An application may be able to read restricted memory
- Description: A validation issue was addressed with improved input sanitization.
- CVE-2017-7067: shrek_wzw of Qihoo 360 Nirvan Team
kext tools
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7032: Axis and sss of Qihoo 360 Nirvan Team
libarchive
- Available for: macOS Sierra 10.12.5
- Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
- Description: A buffer overflow was addressed through improved bounds checking.
- CVE-2017-7068: found by OSS-Fuzz
libxml2
- Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
- Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
- Description: An out-of-bounds read was addressed through improved bounds checking.
- CVE-2017-7010: Apple
- CVE-2017-7013: found by OSS-Fuzz
libxpc
- Available for: macOS Sierra 10.12.5 and OS X El Capitan 10.11.6
- Impact: An application may be able to execute arbitrary code with system privileges
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-7047: Ian Beer of Google Project Zero
Wi-Fi
- Available for: macOS Sierra 10.12.5
- Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
- Description: A memory corruption issue was addressed with improved memory handling.
- CVE-2017-9417: Nitay Artenstein of Exodus Intelligence
Apple macOS Security Updates for previous versions:
Software similar to Apple Security Update 4
- 794 votesmacOS Catalina gives you more of everything you love about Mac. Experience music, TV, and podcasts in three all-new Mac apps.
- Freeware
- macOS
- 1070 votesmacOS High Sierra helps you rediscover your best photos, shop faster and more conveniently online, and work more seamlessly between devices.
- Freeware
- Windows
- 409 votesmacOS Mojave brings new features inspired by its most powerful users, but designed for everyone. Stay better focused on your work in Dark Mode. Automatically organize files using Stacks.
- Freeware
- macOS
Security Updates 2020-005 for macOS Mojave 10.14 (18G6032) & High Sierra 10.13 (17G14033) are now Available.
UPDATE 10/02/20 – Apple has just released a new Mojave Supplemental Update to fix all the problems of the previous Safari 14.0 Update.
UPDATE 10/01/20 –The Mojave 2020-005 Security Update and the Safari Update have been pulled due to all the problems they are causing!
UPDATE 9/26/20 – Some users have reported major problems after installing the update!
Today, Apple released macOS Security Update 2020-005 for High Sierra and Mojave. The 2020-005 security update will most likely will be the end of the line for macOS High Sierra. After macOS Big Sur is released, Apple will no longer support High Sierra.
Below you will find Build Versions, Download Links, Update Sizes and previous Security Update Links.
The 2020-005 Update fixes & reverts the 2020-003 changes made to the –ignore flag. After installing the update, you can now ignore major upgrades again.
UPDATE 9/24/20 – The 2020-004 update was said to fix this but it actually did not work properly. If you had a UAMDM (User Approved Mobile Device Management) Enrolled Mac the --ignore
option did NOT work. The 2020-005 update fixed this and now works properly. Big hat tip to @pcrandom for doing a ton of testing. He was able to confirm that this issue was fixed.
After installing 2020-004 on 10.14 & 10.13 you can once again block major upgrades (Catalina). I mentioned this change in my Catalina 10.15.6 Patch Notes Article.
NOTE: This change is ONLY for UAMDM (User Approved Mobile Device Management) and Supervised Macs. If your Mac is not Supervised or part of an UAMDM you will not be able to ignore major updates.
In macOS Big Sur softwareupdate --ignore
is deprecated and no longer works. You will only be able to block minor and major updates for 90 days using MDM.Please file feedback NOW, if you need the ability to block minor & major updates in macOS Big Sur!Thanks for the clarification @mboylan!
I previously wrote about the situation here – mrmacintosh.com/10-15-5-2020-003-updates-changes-to-softwareupdate-ignore/
You can read up more on what happened below.
How do I keep track of all the macOS Build Versions?
I document all of the macOS Build Versions like the latest Mojave 2020-005 High Sierra 2020-005 along with most Apple Applications, XProtect, Gatekeeper and MRT updates in one database. You can check out the link below.
MacOS Mojave Security Update 2020-005 (18G6032)
- macOS Mojave Security Update 2020-005
- Size = 1.69 GB
- Package Download and Information Link
Information on the Security fixes included in the 2020-005 Mojave Security Update
MacOS High Sierra Security Update 2020-005 (17G14033)
- 10.13.6 High Sierra Security Update 2020-005
- Size = 2.12 GB
- Package Download and Information Link
Information on the Security fixes included in the 2020-005 High Sierra Security Update
Safari Update
Safari was NOT updated
Download Size for High Sierra
Downloads Size for Mojave
T2 BridgeOS Update
The 2020-005 Security Update for Mojave and High Sierra upgrade BridgeOS to version – 17.16.16610.0.0
- 2. Previous Version 2020-004 = 17.16.16065
- 1. Previous version 2020-003 = 17.16.15290
Previous Security Update Releases
- 11. Security Updates 09/24/20 10.14.6 Mojave (18G6032) & 10.13 (2020-0050
- 10. Security Updates 07/15/20 10.14.6 Mojave (18G6020) & 10.13 (2020-004)
- 9. Security Updates 05/26/20 10.14.6 Mojave (18G5033) & 10.13 (2020-003)
- 8. Security Updates 03/24/20 10.14.6 Mojave (18G4032) & 10.13 (2020-002)
- 7. Security Updates 01/28/20 10.14.6 Mojave (18G3020) & 10.13 (2020-001)
- 6. Security Updates 12/10/19 10.14.6 Mojave (2019-002) & 10.13 (2019-007)
- 5. Security Updates 10/31/19 10.14.6 Mojave (2019-001) & 10.13 (2019-006)
- 4. Security Updates 9/26/19 10.14.6 Mojave (18G103) 10.13 & 10.12 (2019-005)
- 3. Security Updates 7/22/19 10.14.6 Mojave (18G84) 10.13 & 10.12 (2019-004)
- 2. Security Updates 5/13/19 10.14.5 Mojave (18F132) 10.13. & 10.12 (2019-003)
- 1. Security Updates 3/25/19 10.14.4 Mojave (18E226) 10.13 & 10.12 (2019-002)
Security Related Content for 2020-004
This security update has only 4 'Public' fixes. (some fixes are released later)
ImageIO
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-9961: Xingwei Lin of Ant Group Light-Year Security Lab
Available for: macOS High Sierra 10.13.6
Impact: A remote attacker may be able to unexpectedly alter application state
Description: This issue was addressed with improved checks.
CVE-2020-9941: Fabian Ising of FH Münster University of Applied Sciences and Damian Poddebniak of FH Münster University of Applied Sciences
Model I/O
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-9973: Aleksandar Nikolic of Cisco Talos
Sandbox
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15
Impact: A malicious application may be able to access restricted files
Description: A logic issue was addressed with improved restrictions.
Macos Security Updates
CVE-2020-9968: Adam Chester(@xpn) of TrustedSec
Apple Security Update Download Free
Security Updates 2020-005 Mojave