June 4th update below, post originally published June 1.
Last week saw Apple release MacOS Catalina version 10.15.5; a surprising move so close to the Virtual WWDC later this month and the expected announcement of MacOS 10.16. Nevertheless Tim Cook and his team pushed out the update with a number of security updates, and the addition of the battery health software.
The surprises keep on coming, with a ‘supplemental release’ today of 10.15.5 with ‘important security updates’.
Update June 2: It looks like Apple is far from done with MacOS Catalina. Not only has this week seen the supplementary update to the desk-bound operating system, but the MacOS development team have released a beta version of MacOS 10.15.6 to developers and those signed up to the beta program.
At the moment Apple’s release notes echo the now familiar ‘bug fixes and improvements’ in the package. No doubt there are other changes in the code, and a closer examination will no doubt reveal Apple’s net steps with the platform.
With Apple’s virtual WWDC coming up on the horizon, we may hear more on the new features by the end of the month. Or it could be more preparatory work that will allow MacOS to run on the current Intel processors and the upcoming inclusion of ARM processors on the Mac platform.
June 4th update: Following the release of MacOS 10.15.5 (and the snap release of the supplemental update for security issues), Mac owners are encountering some issues when they come to install the update. These include screen flashing, excessive install times, and kernel panics,
Pieter Herman has noted some immediate first aid if your installation is broken but the main advice from Herman, and one that I fully endorse, is simple.
Remember to back up your Mac before you install any update to the operating system. That will allow you to easily roll back to the previous version of MacOS if needed.
Apple’s support pages offer more details on the 10.15.5 changes, which have been made to the kernel:
- Available for: macOS High Sierra 10.13.6, macOS Catalina 10.15.5
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A memory consumption issue was addressed with improved memory handling.
- CVE-2020-9859: unc0ver
The nature of the changes and the inclusion of MacOS High Sierra suggests that either something has slipped through the quality control net, or a serious exploit has come to Apple’s attention in the last few days.
Speculation will no doubt fall on the ‘Sign In With Apple’ flaw which saw Apple pay a $100,00 bounty. Forbes’ Davey Winder:
“With the vulnerability already now patched by Apple on the server-side, Bhavuk Jain published his disclosure of the security shocker on May 30. Although the vulnerability related only to third-party apps which used Sign in with Apple without taking any further security measures, it’s shocking for two reasons.”
Those reasons being the breadth of the attack and what it could open up to a hacker, and Apple’s inability to catch this flaw during testing.