Catalina 10.15 Fixes a Dozen Bugs
Apple released 16 patches addressing a range of Catalina bugs in components such as CoreAudio, IOGraphics and WebKit. The security fixes are exclusively for macOS 10.15. Two bugs affect the macOS kernel and would allow for arbitrary code execution. Both are tied to memory-corruption issues. In one case, Apple said the flaw was addressed via improved state management, and in the other via improved memory handling.
Apple's browser engine, WebKit, was also patched for browser history issues. The first fix tackles a bug that gives a hacker access to a user's browser history when the user is lured to visit a maliciously crafted website. The second bug makes it impossible to delete browsing history items.
Intel's Graphics Driver also received a patch for a flaw that could allow an application to execute arbitrary code with system privileges. Two additional flaws, in the Apache web server and PHP that come preinstalled with Catalina, were addressed. The patch is an update to an existing issue affecting the PHP EXIF extension that could lead to information disclosure or a crash. A related bug, also impacting the PHP EXIF extension, could create conditions that may also lead to information disclosure or a crash.
The two WebKit bugs were discovered by Google Project Zero researcher Sergei Glazunov. Apple and Google aren't revealing much about the bug, saying only that "Processing maliciously crafted web content may lead to universal cross site scripting."