macOS Catalina 10.15.3（19D76）リリース。2件のバグ修正、27件のセキュリティ問題に対応。アップデートすべきか否か、更新内容、所要時間、更新後の不具合の有無についてご紹介

2020-01-30

2020年1月29日。macOS Catalina 10.15.3（19D76）がリリースされました。2件のバグ修正、改善が含まれ、27件のセキュリティ問題（32件のCVE）に対応しています。

macOS 10.15.3にアップデートすべきか否か、サイズ、更新所要時間、更新内容、更新後不具合などについて紹介します。

セキュリティコンテンツへの対応については

macOS Mojave 用のセキュリティアップデート2020-001
macOS High Sierra用のセキュリティアップデート2020-001

もリリースされているので、旧OSを利用の方はアップデートすることをオススメします。

また、iPhone用のiOS 13.3.1/iPad用のiPadOS 13.3.1、Apple Watch用のwatchOS 6.1.2もリリースされています。

合わせてご確認ください。

クリックできる目次

macOS Catalina 10.15.3 アップデートすべき？待つべき？

macOS Catalina 10.15.3は、3番目の数字が加わるメンテナンスリリースの位置づけ。

2件のバグ修正、改善
27件のセキュリティ問題（32件のCVE）への対応

が含まれており、サイズも2.96GBとかなり大幅な修正となっています。

macOS Catalina 10.15.3にアップデートしても良い方は、

macOS Catalina 10.15以降をご利用の方
iOS、iPadOSを10.13以降にアップデートした方

です。

macOS Catalina 10.15.3 更新後の不具合の有無について

2020年1月30日0:00現在、

MacBook Retina 12-inch Early 2015
MacBook Retina 12-inch Early 2016
MacBook Pro 13-inch, 2016

にmacOS Catalina 10.15.3をインストールしましたが、

起動しない
再起動を繰り返す
通信できない

などの不具合は発生していません。

しかしながら、サイトgori.meではmacOS Catalinaにかなりの不具合が報告されていることがわかります。

参考にしてください。

ゴリミー

macOS Catalinaの不具合、アプリの動作不良、各種問題報告まとめ | ゴリミー macOS Catalinaにアップデートすると「Office 2011」などの32bitアプリが起動不能になることを伝えたが、64bit対応アプリでも正常に動作しない場合も。本記事では現時点で…

その他、何か不具合を見つけた場合には更新します。

macOS Catalina 10.15.3 サイズ、更新所要時間は？

実機で確認したmacOS Catalina 10.15.3のサイズ、更新所要時間は次のとおりです。

機種	更新前バージョン	サイズ	全体所要時間	ダウンロード所要時間	インストール所要時間	更新後バージョン
Macbook Retina, 12-inch, Early 2016	19C57	2.96GB	未確認	未確認 ※1	未確認	19D76
Macbook Retina, 12-inch, Early 2016	19C57	2.96GB	未確認	未確認 ※2	未確認	19D76
Macbook Pro Retina, 13-inch, Early 2016	19C57	2.96GB	未確認	未確認 ※1	未確認	19D76

※1：有線LAN環境を利用
※2：Wi-Fi環境を利用

最低1時間、できれば1時間半Macを使わずに済む時間を確保ください。

TimeMachineによるバックアップを行う場合にはプラスαの時間を確保してください。

Macbookに関しては、

安定・高速なWi-FI接続、または、有線LAN
電源

環境を整えた上で作業することを強く推奨します。

macOS Catalina 10.15.3 アップデート修正内容について

「ソフトウェア・アップデート」の画面には次のように表示されます。

「詳しい情報…」をクリックすると詳細が表示されます。

macOS 10.15.2のMacbookでは2.96GBのサイズとなっています。

下の部分はスクロール表示可能です。

が、Pro Display XDR、MacBook Proでのビデオ編集パフォーマンスの2件のバグ修正、改善がされています。

2020年1月30日0:00現在、Appleの公式サイトには「What’s now in the updates for macOS Catalina」に「macOS Catalina 10.15.3」という英語の情報しか記載されていませんが、同じ内容の記述となっています。

macOS Catalina 10.15.3

The macOS Catalina 10.15.3 update improves the stability, reliability, and security of your Mac, and is recommended for all users.

Optimizes gamma handling of low gray levels on Pro Display XDR for SDR workflows when using macOS
Improves multi-stream video editing performance for HEVC and H.264-encoded 4K video on the MacBook Pro (16-inch, 2019)

日本語の情報に気づき、更新できるタイミングで更新します。

macOS Catalina 10.15.3 アップデートセキュリティコンテンツについて

公式サイト「Apple セキュリティアップデート」からのリンク先「macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra」によると、27件のセキュリティ問題（32件のCVE）に対応しています。

macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra

Released January 28, 2020

AnnotationKit

Available for: macOS Catalina 10.15.2
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3877: an anonymous researcher working with Trend Micro’s Zero Day Initiative

apache_mod_php

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: Multiple issues in PHP
Description: Multiple issues were addressed by updating to PHP version 7.3.11.
CVE-2019-11043

Audio

Available for: macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3857: Zhuo Liang of Qihoo 360 Vulcan Team

autofs

Available for: macOS Catalina 10.15.2
Impact: Searching for and opening a file from an attacker controlled NFS mount may bypass Gatekeeper
Description: This was addressed with additional checks by Gatekeeper on files mounted through a network share.
CVE-2020-3866: Jose Castro Almeida (@HackerOn2Wheels) and René Kroka (@rene_kroka)

CoreBluetooth

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3848: Jianjun Dai of Qihoo 360 Alpha Lab
CVE-2020-3849: Jianjun Dai of Qihoo 360 Alpha Lab
CVE-2020-3850: Jianjun Dai of Qihoo 360 Alpha Lab

CoreBluetooth

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3847: Jianjun Dai of Qihoo 360 Alpha Lab

Crash Reporter

Available for: macOS Mojave 10.14.6, macOS High Sierra 10.13.6, macOS Catalina 10.15.2
Impact: A malicious application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2020-3835: Csaba Fitzl (@theevilbit)

Image Processing

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: Viewing a maliciously crafted JPEG file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3827: Samuel Groß of Google Project Zero

ImageIO

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2020-3826: Samuel Groß of Google Project Zero
CVE-2020-3870
CVE-2020-3878: Samuel Groß of Google Project Zero

Intel Graphics Driver

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3845: Zhuo Liang of Qihoo 360 Vulcan Team

IOAcceleratorFamily

Available for: macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3837: Brandon Azad of Google Project Zero

IPSec

Available for: macOS Catalina 10.15.2
Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution
Description: An off by one issue existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking.
CVE-2020-3840: @littlelailo

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-3875: Brandon Azad of Google Project Zero

Kernel

Available for: macOS Catalina 10.15.2
Impact: An application may be able to read restricted memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2020-3872: Haakon Garseg Mørk of Cognite and Cim Stordal of Cognite

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A type confusion issue was addressed with improved memory handling.
CVE-2020-3853: Brandon Azad of Google Project Zero

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: A malicious application may be able to determine kernel memory layout
Description: An access issue was addressed with improved memory management.
CVE-2020-3836: Brandon Azad of Google Project Zero

Kernel

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3842: Ned Williamson working with Google Project Zero
CVE-2020-3871: Corellium

libxml2

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved size validation.
CVE-2020-3846: Ranier Vilela

libxpc

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: Processing a maliciously crafted string may lead to heap corruption
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3856: Ian Beer of Google Project Zero

libxpc

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: An application may be able to gain elevated privileges
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-3829: Ian Beer of Google Project Zero

PackageKit

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: A malicious application may be able to overwrite arbitrary files
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2020-3830: Csaba Fitzl (@theevilbit)

Security

Available for: macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2020-3854: Jakob Rieck (@0xdead10cc) and Maximilian Blochberger of the Security in Distributed Systems Group of University of Hamburg

sudo

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: Certain configurations may allow a local attacker to execute arbitrary code
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2019-18634: Apple

System

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6
Impact: A malicious application may be able to overwrite arbitrary files
Description: An access issue was addressed with improved access restrictions.
CVE-2020-3855: Csaba Fitzl (@theevilbit)

Wi-Fi

Available for: macOS Catalina 10.15.2
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input sanitization.
CVE-2020-3839: s0ngsari of Theori and Lee of Seoul National University working with Trend Micro’s Zero Day Initiative

Wi-Fi

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A memory corruption issue was addressed with improved input validation.
CVE-2020-3843: Ian Beer of Google Project Zero

wifivelocityd

Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.6, macOS Catalina 10.15.2
Impact: An application may be able to execute arbitrary code with system privileges
Description: The issue was addressed with improved permissions logic.
CVE-2020-3838: Dayton Pidhirney (@_watbulb)

Additional recognition

Photos Storage

We would like to acknowledge Salman Husain of UC Berkeley for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

公開日： 2020 年 01 月 28 日

macOS Catalina（10.15）だけではなく、macOS Mojave（10.14）、macOS High Sierra（10.13）のセキュリティ更新もリリースされています。

まだ、macOS Mojave、macOS High Sierraを利用している方はアップデートを適用することをオススメします。