Q. How can I get rid of unwanted Mac OS X is infected (4) by viruses popup on my web-browser?
Apple introduced malware detection to the Mac OS with Snow Leopard (Mac OS 10.6). This system consists of the quarantine of any app downloaded from the Internet, the use of Code Signing. All you need is a Mac running macOS 10.10 (Yosemite) or later with at least 750 MB of disk space. An Internet connection is also required for automatic security updates. Avast Security for Mac.
The full text of the pop-up is:
A. “Mac OS X is infected (4) by viruses” pop-up is a fake alert that designed to force you into downloading and installing potentially unwanted software or malware. If you are constantly getting “Mac OS X is infected (4) by viruses” popups on your Apple Mac then it indicate that your computer and/or web-browser is already affected with adware (sometimes called ‘ad-supported’ software) or PUP (potentially unwanted program).
What is adware? Adware delivers unwanted advertisements on your browser. Some of these advertisements are scams or fake ads made to trick you. Even the harmless ads can become really irritating. Adware can be installed unintentionally and without you knowing about it, when you open email attachments, install free free applications.
The worst is, adware can be used to collect your browsing history and personal information, including passwords and credit card numbers. In the future, your confidential info can be used for marketing purposes.
Do not panic because we have got the solution. Here’s a instructions on how to get rid of adware and remove “Mac OS X is infected (4) by viruses” pop ups from the Firefox, Safari and Chrome and other internet browsers.
Remove “Mac OS X is infected (4) by viruses” popups (removal instructions)
There present several free adware removal tools. Also it is possible to get rid of “Mac OS X is infected (4) by viruses” popups manually. But we suggest to combine all these ways below into the one removal algorithm. Follow the steps of the instructions. Some of the steps will require you to reboot your MAC or close this web page. So, read this tutorial carefully, then bookmark or print it for later reference.
To remove “Mac OS X is infected (4) by viruses” pop-up, perform the steps below:
- How to manually remove “Mac OS X is infected (4) by viruses” scam
- “Mac OS X is infected (4) by viruses” pop up automatic removal
How to manually remove “Mac OS X is infected (4) by viruses” scam
The following instructions is a step-by-step guide, which will help you manually get rid of “Mac OS X is infected (4) by viruses” pop-ups from the Mozilla Firefox, Google Chrome and Safari. If you do not want to delete adware in the manually due to the fact that you are not skilled at computer, then you can run free removal tools listed below.
Delete adware through the Finder
We suggest that you begin the Apple Mac cleaning process by checking the list of installed applications and delete all unknown or questionable apps. This is a very important step, as mentioned above, very often the malicious software such as adware and browser hijacker infections may be bundled with free software. Delete the unwanted apps can remove the undesired ads or web-browser redirect.
Make sure you have closed all web browsers and other apps. Next, delete any unrequested and suspicious applications from MAC system using the Finder.
Open Finder and click “Applications”.
Look around the entire list of applications installed on your Apple Mac. Most likely, one of them is the adware responsible for redirecting your browser to the “Mac OS X is infected (4) by viruses” site. Select the suspicious program or the program that name is not familiar to you and delete it.
Drag the questionable application from the Applications folder to the Trash.
Most important, don’t forget, choose Finder -> Empty Trash.
Get rid of “Mac OS X is infected (4) by viruses” from Mozilla Firefox by resetting internet browser settings
If the Firefox settings such as search engine by default, home page and newtab have been modified by the adware software, then resetting it to the default state can help. However, your saved passwords and bookmarks will not be changed, deleted or cleared.
Click the Menu button (looks like three horizontal lines), and press the blue Help icon located at the bottom of the drop down menu as displayed on the image below.
A small menu will appear, click the “Troubleshooting Information”. On this page, click “Refresh Firefox” button like below.
Follow the onscreen procedure to restore your Mozilla Firefox browser settings to their default values.
Remove “Mac OS X is infected (4) by viruses” pop ups from Google Chrome
If you have adware problem or the Google Chrome is running slow, then reset Chrome settings can help you. In the steps below we will show you a way to reset your Chrome settings to original state without reinstall. This will also help to delete “Mac OS X is infected (4) by viruses” pop ups from your browser.
First open the Google Chrome. Next, press the button in the form of three horizontal dots ().
It will show the Google Chrome menu. Select More Tools, then click Extensions. Carefully browse through the list of installed plugins. If the list has the extension signed with “Installed by enterprise policy” or “Installed by your administrator”, then complete the following steps: Remove Chrome extensions installed by enterprise policy.
Open the Chrome menu once again. Further, click the option named “Settings”.
The browser will open the settings screen. Another solution to show the Chrome’s settings – type chrome://settings in the internet browser adress bar and press Enter
Scroll down to the bottom of the page and click the “Advanced” link. Now scroll down until the “Reset” section is visible, as shown in the figure below and click the “Reset settings to their original defaults” button.
The Google Chrome will open the confirmation prompt as shown on the image below.
You need to confirm your action, click the “Reset” button. The browser will start the task of cleaning. When it is complete, the browser’s settings including start page, newtab and search provider back to the values which have been when the Chrome was first installed on your MAC.
Get rid of “Mac OS X is infected (4) by viruses” popups from Safari
The Safari reset is great if your browser is hijacked or you have unwanted addo-ons or toolbars on your browser, which installed by an malicious software.
Click Safari menu and select “Preferences”.
It will open the Safari Preferences window. Next, click the “Extensions” tab. Look for unknown and suspicious add-ons on left panel, select it, then click the “Uninstall” button. Most important to remove all unknown add-ons from Safari.
Once complete, click “General” tab. Change the “Default Search Engine” to Google.
Find the “Homepage” and type into textfield “https://www.google.com”.
“Mac OS X is infected (4) by viruses” pop up automatic removal
Manual removal steps does not always help to completely get rid of the adware software, as it is not easy to identify and delete components of adware and all malicious files from hard disk. Therefore, it’s recommended that you use malware removal utility to completely delete “Mac OS X is infected (4) by viruses” off your internet browser. Several free malicious software removal tools are currently available that can be used against the adware software. The optimum solution would be to run MalwareBytes Anti-Malware (MBAM).
Automatically delete “Mac OS X is infected (4) by viruses” pop ups with MalwareBytes AntiMalware
Manual “Mac OS X is infected (4) by viruses” pop-ups removal requires some computer skills. Some files that created by the adware can be not fully removed. We recommend that use the MalwareBytes AntiMalware (MBAM) that are fully free your computer of adware software. Moreover, this free tool will allow you to remove browser hijacker, malware, PUPs and toolbars that your computer may be infected too.
Download MalwareBytes Anti-Malware on your computer from the link below.
Malwarebytes Anti-malware (Mac)
15786 downloads
Author: Malwarebytes
Category: Security tools
Update: September 10, 2020
15786 downloads
Author: Malwarebytes
Category: Security tools
Update: September 10, 2020
When the downloading process is complete, run it and follow the prompts. Press the “Scan” button . MalwareBytes Free utility will begin scanning the whole computer to find out adware software that responsible for web-browser redirect to the unwanted “Mac OS X is infected (4) by viruses” site. This process can take quite a while, so please be patient. When a threat is detected, the count of the security threats will change accordingly. You may get rid of items (move to Quarantine) by simply press “Remove Selected Items” button.
The MalwareBytes is a free program that you can use to remove all detected folders, files, malicious services and so on.
How to Stop “Mac OS X is infected (4) by viruses” pop-ups
It’s important to run ad blocking apps like AdGuard to protect your MAC system from harmful web sites. Most security experts says that it’s okay to block ads. You should do so just to stay safe! And, of course, the AdGuard can to block “Mac OS X is infected (4) by viruses” and other unwanted web pages.
- AdGuard can be downloaded from the following link.AdGuard for Mac download
2870 downloads
Author: © Adguard
Category: Security tools
Update: January 17, 2018 - When the downloading process is finished, launch the downloaded file. You will see the “Setup Wizard” program window. Follow the prompts.
- After the install is done, click “Skip” to close the installation application and use the default settings, or click “Get Started” to see an quick tutorial that will allow you get to know AdGuard better.
- In most cases, the default settings are enough and you do not need to change anything. Each time, when you launch your MAC system, AdGuard will launch automatically and stop unwanted ads, block “Mac OS X is infected (4) by viruses” scam, as well as other harmful or misleading pages.
How to avoid installation of “Mac OS X is infected (4) by viruses” popups
It’s very important to pay attention to additional checkboxes during the install of free programs to avoid installing of potentially unwanted programs, adware, hijackers or other undesired apps. Never install the third-party apps that the program wants to setup with it. Inattentive free. software download can result in installation of unwanted program like this adware software that causes a lot of intrusive “Mac OS X is infected (4) by viruses” popup.
To sum up
After completing the steps outlined above, your MAC should be clean from this adware and other malicious software. The Safari, Mozilla Firefox and Google Chrome will no longer show intrusive “Mac OS X is infected (4) by viruses” web-page when you surf the World Wide Web. Unfortunately, if the steps does not help you, then you have caught a new adware software, and then the best way – ask for help.
Please create a new question by using the “Ask Question” button in the Questions and Answers. Try to give us some details about your problems, so we can try to help you more accurately. Wait for one of our trained “Security Team” or Site Administrator to provide you with knowledgeable assistance tailored to your problem with the undesired “Mac OS X is infected (4) by viruses” pop ups.
(1 votes, average: 5.00 out of 5)Loading..
About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
Released March 25, 2019
802.1X
Available for: macOS Mojave 10.14.3
Impact: An attacker in a privileged network position may be able to intercept network traffic
Virus Mac 10 13 4 Inch
Description: A logic issue was addressed with improved state management.
CVE-2019-6203: Dominic White of SensePost (@singe)
Entry added April 15, 2019
802.1X
Available for: macOS High Sierra 10.13.6
Impact: An untrusted radius server certificate may be trusted
Description: A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation.
CVE-2019-8531: an anonymous researcher, QA team of SecureW2
Entry added May 15, 2019
Accounts
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted vcf file may lead to a denial of service
Description: A denial of service issue was addressed with improved validation.
CVE-2019-8538: Trevor Spiniolas (@TrevorSpiniolas)
Entry added April 3, 2019
APFS
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.
CVE-2019-8534: Mac working with Trend Micro's Zero Day Initiative
Entry added April 15, 2019
AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow was addressed with improved size validation.
CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team
Bom
Available for: macOS Mojave 10.14.3
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm
CFString
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted string may lead to a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2019-8542: an anonymous researcher
DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
Description: A logic issue was addressed with improved state management.
CVE-2019-8522: Colin Meginnis (@falc420)
FaceTime
Available for: macOS Mojave 10.14.3
Impact: A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
FaceTime
Available for: macOS Mojave 10.14.3
Impact: A local attacker may be able to view contacts from the lock screen
Description: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.
CVE-2019-8777: Abdullah H. AlJaber (@aljaber) of AJ.SA
Entry added October 8, 2019
Feedback Assistant
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted file might disclose user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-8906: Francisco Alonso
Entry updated April 15, 2019
Graphics Drivers
Available for: macOS Mojave 10.14.3
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin (@panicaII) and Junzhi Lu of Trend Micro Research working with Trend Micro's Zero Day Initiative, Lilang Wu and Moony Li of Trend Micro
Entry updated August 1, 2019
iAP
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds checking. Make windows boot disk on mac.
CVE-2019-8542: an anonymous researcher
IOGraphics
Available for: macOS Mojave 10.14.3
Impact: A Mac may not lock when disconnecting from an external monitor
Description: A lock handling issue was addressed with improved lock handling.
CVE-2019-8533: an anonymous researcher, James Eagan of Télécom ParisTech, R. Scott Kemp of MIT, and Romke van Dijk of Z-CERT
IOHIDFamily
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: A memory corruption issue was addressed with improved state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro Research working with Trend Micro's Zero Day Initiative
Entry updated April 15, 2019
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2018-4448: Brandon Azad
Entry added September 17, 2019
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A remote attacker may be able to alter network traffic data
Description: A memory corruption issue existed in the handling of IPv6 packets. This issue was addressed with improved memory management.
CVE-2019-5608: Apple
Entry added August 6, 2019
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved size validation.
CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel Mac studio tech foundation.
Available for: macOS Mojave 10.14.3, macOS High Sierra 10.13.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2019-8528: Fabiano Anemone (@anoane), Zhao Qixun (@S0rryMybad) of Qihoo 360 Vulcan Team
Entry added April 3, 2019, updated August 1, 2019
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2019-8508: Dr. Silvio Cesare of InfoSect
Kernel
Available for: macOS Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved state management.
CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to determine kernel memory layout
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2019-7293: Ned Williamson of Google
Kernel
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to determine kernel memory layout
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)
CVE-2019-8510: Stefan Esser of Antid0te UG
Kernel
Available for: macOS Mojave 10.14.3
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
CVE-2019-8547: derrek (@derrekr6)
Entry added August 1, 2019
Kernel
Available for: macOS Mojave 10.14.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2019-8525: Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team
Entry added August 1, 2019
libmalloc
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: A malicious application may be able to modify protected parts of the file system
Description: A configuration issue was addressed with additional restrictions.
CVE-2018-4433: Vitaly Cheptsov
Entry added August 1, 2019, updated September 17, 2019
Mail
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted mail message may lead to S/MIME signature spoofing
Description: An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates.
CVE-2019-8642: Maya Sigal of Freie Universität Berlin and Volker Roth of Freie Universität Berlin
Entry added August 1, 2019
Mail
Available for: macOS Mojave 10.14.3
Impact: An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail
Description: An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail.
CVE-2019-8645: Maya Sigal of Freie Universität Berlin and Volker Roth of Freie Universität Berlin
Entry added August 1, 2019
Messages
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view sensitive user information
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2019-8546: ChiYuan Chang
Modem CCL
Available for: macOS Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved memory handling.
CVE-2019-8579: an anonymous researcher
Entry added April 15, 2019
Notes
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to view a user’s locked notes
Description: An access issue was addressed with improved memory management.
CVE-2019-8537: Greg Walker (gregwalker.us)
PackageKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved validation.
CVE-2019-8561: Jaron Bradley of Crowdstrike
Perl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: Multiple issues in Perl
Description: Multiple issues in Perl were addressed in this update.
CVE-2018-12015: Jakub Wilk
CVE-2018-18311: Jayakrishna Menon
CVE-2018-18313: Eiichi Tsukata
Power Management
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation.
CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)
QuartzCore
Available for: macOS Mojave 10.14.3
Impact: Processing malicious data may lead to unexpected application termination
Description: Multiple memory corruption issues were addressed with improved input validation.
CVE-2019-8507: Kai Lu of Fortinet's FortiGuard Labs
Sandbox
Available for: macOS Mojave 10.14.3
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved restrictions.
CVE-2019-8618: Brandon Azad
Entry added August 1, 2019
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2019-8526: Linus Henze (pinauten.de)
Security
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre (NCSC)
Security
Available for: macOS Mojave 10.14.3
Impact: An untrusted radius server certificate may be trusted
Description: A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation.
CVE-2019-8531: an anonymous researcher, QA team of SecureW2
Security
Available for: macOS Mojave 10.14.3
Impact: An untrusted radius server certificate may be trusted
Description: A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation.
CVE-2019-8531: an anonymous researcher, QA team of SecureW2
Entry added May 15, 2019
Siri
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to initiate a Dictation request without user authorization
Description: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation.
CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest
Time Machine
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A local user may be able to execute arbitrary shell commands
Description: This issue was addressed with improved checks.
CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs
Touch Bar Support
Available for: macOS Mojave 10.14.3
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2019-8569: Viktor Oreshkin (@stek29)
Entry added August 1, 2019
TrueTypeScaler
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative
Wi-Fi
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An attacker in a privileged network position can modify driver state
Description: A logic issue was addressed with improved validation.
CVE-2019-8564: Hugues Anguelkov during an internship at Quarkslab
Entry added April 15, 2019
Wi-Fi
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6
Impact: An attacker in a privileged network position can modify driver state
Description: A logic issue was addressed with improved state management.
CVE-2019-8612: Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt
Entry added August 1, 2019
Wi-Fi
Available for: macOS Mojave 10.14.3
Impact: A device may be passively tracked by its Wi-Fi MAC address
Description: A user privacy issue was addressed by removing the broadcast MAC address.
CVE-2019-8567: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt
Entry added August 1, 2019
xar
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted package may lead to arbitrary code execution
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2019-6238: Yiğit Can YILMAZ (@yilmazcanyigit)
Entry added April 15, 2019
XPC
Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary files
Description: This issue was addressed with improved checks.
CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Accounts
We would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt for their assistance.
Books
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
Kernel
We would like to acknowledge Brandon Azad, Brandon Azad of Google Project Zero, Daniel Roethlisberger of Swisscom CSIRT, Raz Mashat (@RazMashat) of Ilan Ramon High School for their assistance.
Entry updated September 17, 2019
Mail
We would like to acknowledge Craig Young of Tripwire VERT and Hanno Böck for their assistance.
Time Machine
Virus Mac 10 13 4 17e199 Hot
We would like to acknowledge CodeColorist of Ant-Financial LightYear Labs for their assistance.