About macOS Mojave Security Update 2021-005 10.14.6.

I can't install this upgrade on my iMac27 late 2014. Downloading is OK, but at the end of installing, I get the message that it wasn't possible. Same for Big Sur.

iMac 27″, macOS 10.14. Posted on Sep 16, 2021 2:27 AM.

Jul 21, 2021: Apple has released the full list of security updates that were released today to both macOS Mojave and macOS Catalina. The updates include fixes to audio, Bluetooth, and WebKit. You can check out the full list of security fixes below:

Impact: An application may be able to execute arbitrary code with kernel privileges.

Version 10.14.6 (2021-004):

Full release notes are available here

APFS
  • A local user may be able to read arbitrary files. The issue was addressed with improved permissions logic.
Audio
  • An application may be able to read restricted memory. A memory corruption issue was addressed with improved validation.
CFNetwork
  • Processing maliciously crafted web content may disclose sensitive user information. A memory initialisation issue was addressed with improved memory handling.
CoreAudio
  • A malicious application may be able to read restricted memory. A memory corruption issue was addressed with improved validation.
CoreGraphics
  • Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. A memory corruption issue was addressed with improved validation.
CoreText
  • Processing a maliciously crafted font may result in the disclosure of process memory. A logic issue was addressed with improved state management.
Curl
  • A remote attacker may be able to cause a denial of service. A buffer overflow was addressed with improved input validation.
Curl
  • An attacker may provide a fraudulent OCSP response that would appear valid. This issue was addressed with improved checks.
DiskArbitration
  • A malicious application may be able to modify protected parts of the file system. A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks.
FontParser
  • Processing a maliciously crafted font file may lead to arbitrary code execution. An out-of-bounds read was addressed with improved input validation.
FontParser
  • Processing a maliciously crafted font file may lead to arbitrary code execution. A logic issue was addressed with improved state management.
Foundation
  • A malicious application may be able to gain root privileges. A validation issue was addressed with improved logic.
ImageIO
  • Processing a maliciously crafted image may lead to arbitrary code execution. This issue was addressed with improved checks.
Intel Graphics Driver
  • An application may be able to execute arbitrary code with kernel privileges. An out-of-bounds write was addressed with improved input validation.
Intel Graphics Driver
  • An application may be able to execute arbitrary code with kernel privileges. A race condition was addressed with additional validation.
Intel Graphics Driver
  • A malicious application may be able to execute arbitrary code with kernel privileges. An out-of-bounds write issue was addressed with improved bounds checking.
Kernel
  • A malicious application may be able to disclose kernel memory. A memory initialisation issue was addressed with improved memory handling.
  • An application may be able to execute arbitrary code with kernel privileges. A logic issue was addressed with improved state management.
  • A local attacker may be able to elevate their privileges. A memory corruption issue was addressed with improved validation.
Libxpc
  • A malicious application may be able to gain root privileges. A race condition was addressed with additional validation.
Libxslt
  • Processing a maliciously crafted file may lead to heap corruption. A double free issue was addressed with improved memory management.
NSRemoteView

  • Processing maliciously crafted web content may lead to arbitrary code execution. A use after free issue was addressed with improved memory management.
Preferences
  • A local user may be able to modify protected parts of the file system. A parsing issue in the handling of directory paths was addressed with improved path validation.
Smbx
  • An attacker in a privileged network position may be able to leak sensitive user information. An integer overflow was addressed with improved input validation.
Tailspin
  • A local attacker may be able to elevate their privileges. A logic issue was addressed with improved state management.
Tcpdump
  • A remote attacker may be able to cause a denial of service. This issue was addressed with improved checks.
Time Machine
  • A local attacker may be able to elevate their privileges. The issue was addressed with improved permissions logic.
Wi-Fi
  • An application may be able to cause unexpected system termination or write kernel memory. A memory corruption issue was addressed with improved validation.
Wifivelocityd
  • An application may be able to execute arbitrary code with system privileges. The issue was addressed with improved permissions logic.
WindowServer
  • A malicious application may be able to unexpectedly leak a user's credentials from secure text fields. An API issue in Accessibility TCC permissions was addressed with improved state management.

To follow up with this, there was a similar looking issue reported here pointing to a thread on MacRumors there.


The thread says that the problem is with accounts that are connected to a Windows AD; however, this is not my experience, as my network is Mac-only, using an OD on a Mac Server. But still, I did some testing, and the procedure below, quoted from MacRumors, indeed allows my affected users to connect on a machine upgraded to 2021-004:


'The fix (well, really just a stop-gap measure until I can discover the actual cause) is to basically tell the OS to ignore cached Kerberos credentials for authorization (as well as screensaver). A shout out to @jojo on #MacAdmins for confirming my suspicions. To do this you will need to edit two system files (yours should look similar to these):



Code:



Using your favorite text editor (sudo) remove use_kcminit from each file.'



But not understanding why this works is a no-no for me to implement this on anything else but a test machine, so I will wait for a proper patch from Apple before updating the rest of my machines. I contacted them on their support link and I urge you to do the same if you experience the same issue.

May 27, 2021 1:35 AM
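
A way to review the quoted workaround before applying it, as an added example that is not part of the original post or the MacRumors thread: it counts the active lines that carry `use_kcminit` and previews the edit as a diff without modifying any file. It assumes the two files use PAM service-file syntax; the sample input is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit PAM service files for use_kcminit and preview the edit.
# Nothing on disk is modified.

# Constructed sample in PAM service-file syntax (assumption; not the file
# contents from the quoted post, which the page does not show).
sample_pam() {
  cat <<'EOF'
# sample service: auth account
auth       optional       pam_krb5.so use_first_pass use_kcminit
auth       optional       pam_ntlm.so use_first_pass
auth       required       pam_opendirectory.so use_first_pass nullok
account    required       pam_opendirectory.so
# auth     optional       pam_krb5.so use_kcminit
EOF
}

# count_kcminit: count active (non-comment) lines on stdin carrying the option.
count_kcminit() {
  awk '!/^[ \t]*#/ && (" " $0 " ") ~ /[ \t]use_kcminit[ \t]/ { n++ }
       END { print n + 0 }'
}

# strip_kcminit: copy stdin to stdout, dropping the use_kcminit token from
# active lines only; comments and all other options are left as they are.
strip_kcminit() {
  awk '
    /^[ \t]*#/ || !/use_kcminit/ { print; next }
    {
      line = $0 " "                      # sentinel so a trailing token matches
      while (match(line, /[ \t]use_kcminit[ \t]/))
        line = substr(line, 1, RSTART - 1) substr(line, RSTART + RLENGTH - 1)
      sub(/[ \t]+$/, "", line)
      print line
    }'
}

# preview_edit FILE: unified diff of the proposed change; FILE is not touched.
preview_edit() {
  strip_kcminit < "$1" | diff -u "$1" - || true
}

if [ "$#" -gt 0 ]; then
  for f in "$@"; do
    echo "$f: $(count_kcminit < "$f") active line(s) with use_kcminit"
    preview_edit "$f"
  done
else
  echo "sample: $(sample_pam | count_kcminit) active line(s) with use_kcminit"
  sample_pam | strip_kcminit
fi
```

Run it with the paths of the two files as arguments to see the diff for each; keeping that diff alongside a backup makes the change easy to revert once a proper patch is available.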