Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Second macOS 10.14.6 Supplemental Update plugs malware hole

Apple has released a second "Supplemental Update" for macOS Mojave 10.14.6, along with security updates for High Sierra and Sierra, one which fixes a flaw found by Google that could be abused by malware as part of an attack.

Released on Thursday, "Supplemental Update 2," is described in the Software Update utility of macOS as "recommended for all users and improves the security of macOS." The update itself weighs in at 1.25 gigabytes, making it a relatively hefty update.

The update also includes links to the security content page, which advises the update fixes one bug. According to Apple, "a remote attacker may be able to cause unexpected application termination or arbitrary code execution" in unpatched Macs, with the update's affects being "an out-of-bounds read was addressed with improved input validation."

The issue is listed as CVE-2019-8641, and is credited to Samuel Gross and Natalie Silvanovich of Google Project Zero, the search company's security team working to uncover exploits and flaws in operating systems and software.

The bug is actually part of a batch of issues revealed by the team in July which disclosed five of six security bugs within iOS that could have allowed an attacker to affect a target user's device via iMessage. The CVE number in question was for the sixth bug that was not revealed at the time.

The first Supplemental Update for macOS Mojave 10.14.6 was released on August 1.



8 Comments

Wgkrueger 8 Years · 352 comments

Wow, it’s 1.3GB for my 2015 iMac. 

theirongiant 14 Years · 78 comments

Why didn't they just make this 10.14.7?

ElCapitan 6 Years · 372 comments

Wgkrueger said:
Wow, it’s 1.3GB for my 2015 iMac. 

1.88GB for an 2017 iMac running 10.13.6

swat671 9 Years · 157 comments

I agree. Why not make it 10.14.7. 

sflocal 16 Years · 6138 comments

Why didn't they just make this 10.14.7?
swat671 said:
I agree. Why not make it 10.14.7. 

who cares?