Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1409.2
Apple security update for macOS Big Sur
27 April 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: macOS Big Sur
Publisher: Apple
Operating System: Mac OS
Impact/Access: Root Compromise -- Existing Account
Execute Arbitrary Code/Commands -- Remote with User Interaction
Modify Arbitrary Files -- Existing Account
Denial of Service -- Remote/Unauthenticated
Cross-site Scripting -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Unauthorised Access -- Existing Account
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-30661 CVE-2021-30660 CVE-2021-30659
CVE-2021-30658 CVE-2021-30657 CVE-2021-30655
CVE-2021-30653 CVE-2021-30652 CVE-2021-1885
CVE-2021-1884 CVE-2021-1883 CVE-2021-1882
CVE-2021-1881 CVE-2021-1880 CVE-2021-1878
CVE-2021-1876 CVE-2021-1875 CVE-2021-1873
CVE-2021-1872 CVE-2021-1868 CVE-2021-1867
CVE-2021-1861 CVE-2021-1860 CVE-2021-1859
CVE-2021-1858 CVE-2021-1857 CVE-2021-1855
CVE-2021-1853 CVE-2021-1851 CVE-2021-1849
CVE-2021-1847 CVE-2021-1846 CVE-2021-1843
CVE-2021-1841 CVE-2021-1840 CVE-2021-1839
CVE-2021-1834 CVE-2021-1832 CVE-2021-1829
CVE-2021-1828 CVE-2021-1826 CVE-2021-1825
CVE-2021-1824 CVE-2021-1820 CVE-2021-1817
CVE-2021-1815 CVE-2021-1814 CVE-2021-1813
CVE-2021-1811 CVE-2021-1810 CVE-2021-1809
CVE-2021-1808 CVE-2021-1784 CVE-2021-1740
CVE-2021-1739 CVE-2020-8286 CVE-2020-8285
CVE-2020-8037 CVE-2020-7463
Reference: ESB-2021.1408
ESB-2021.1114
Original Bulletin:
https://support.apple.com/HT212325
Comment: Apple is aware of a report that CVE-2021-30661 arbitrary code execution may have been actively exploited.
Revision History: April 27 2021: Updated attack vector.
April 27 2021: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-04-26-2 macOS Big Sur 11.3
macOS Big Sur 11.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212325.
APFS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1853: Gary Nield of ECSC Group plc and Tim
Michaud(@TimGMichaud) of Zoom Video Communications
AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2021-1849: Siguza
Apple Neural Engine
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(å\x{144}´æ½\x{141}æµ ) of Ant Group
Tianqiong Security Lab
Archive Utility
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-1810: an anonymous researcher
Audio
Available for: macOS Big Sur
Impact: An application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
CFNetwork
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1857: an anonymous researcher
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: macOS Big Sur
Impact: A malicious application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
CoreFoundation
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A validation issue was addressed with improved logic.
CVE-2021-30659: Thijs Alkemade of Computest
CoreGraphics
Available for: macOS Big Sur
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1847: Xuwei Liu of Purdue University
CoreText
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
curl
Available for: macOS Big Sur
Impact: An attacker may provide a fraudulent OCSP response that would
appear valid
Description: This issue was addressed with improved checks.
CVE-2020-8286: an anonymous researcher
curl
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A buffer overflow was addressed with improved input
validation.
CVE-2020-8285: xnynx
DiskArbitration
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A permissions issue existed in DiskArbitration. This was
addressed with additional ownership checks.
CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl
(@theevilbit) of Offensive Security, and an anonymous researcher
FaceTime
Available for: macOS Big Sur
Impact: Muting a CallKit call while ringing may not result in mute
being enabled
Description: A logic issue was addressed with improved state
management.
CVE-2021-1872: Siraj Zaneer of Facebook
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security
Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi
(@hjy79425575) of Qihoo 360
Foundation
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)
Foundation
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
CVE-2021-1813: Cees Elzinga
Heimdal
Available for: macOS Big Sur
Impact: Processing maliciously crafted server messages may lead to
heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30653: Ye Zhang of Baidu Security
CVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin & Qi Sun of
Trend Micro, and Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1843: Ye Zhang of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1885: CFF of Topsec Alpha Team
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1858: Mickey Jin of Trend Micro
Installer
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file
metadata.
CVE-2021-30658: Wojciech ReguÃ…\x{130}a (@_r3ggi) of SecuRing
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1841: Jack Dates of RET2 Systems, Inc.
CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to disclose kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1860: @0xalsr
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1851: @0xalsr
Kernel
Available for: macOS Big Sur
Impact: Copied files may not have the expected file permissions
Description: The issue was addressed with improved permissions logic.
CVE-2021-1832: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30660: Alex Plaskett
libxpc
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2021-30652: James Hutchins
libxslt
Available for: macOS Big Sur
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: A double free issue was addressed with improved memory
management.
CVE-2021-1875: Found by OSS-Fuzz
Login Window
Available for: macOS Big Sur
Impact: A malicious application with root privileges may be able to
access private information
Description: This issue was addressed with improved entitlements.
CVE-2021-1824: Wojciech ReguÃ…\x{130}a (@_r3ggi) of SecuRing
Notes
Available for: macOS Big Sur
Impact: Locked Notes content may have been unexpectedly unlocked
Description: A logic issue was addressed with improved state
management.
CVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd
NSRemoteView
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1876: Matthew Denton of Google Chrome
Preferences
Available for: macOS Big Sur
Impact: A local user may be able to modify protected parts of the
file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari
Available for: macOS Big Sur
Impact: A malicious website may be able to track users by setting
state in a cache
Description: An issue existed in determining cache occupancy. The
issue was addressed through improved logic.
CVE-2021-1861: Konstantinos Solomos of University of Illinois at
Chicago
Safari
Available for: macOS Big Sur
Impact: A malicious website may be able to force unnecessary network
connections to fetch its favicon
Description: A logic issue was addressed with improved state
management.
CVE-2021-1855: HÃ¥vard Mikkelsen Ottestad of HASMAC AS
SampleAnalysis
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1868: Tim Michaud of Zoom Communications
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-1878: Aleksandar Nikolic of Cisco Talos
(talosintelligence.com)
System Preferences
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30657: an anonymous researcher
tcpdump
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-8037: an anonymous researcher
Time Machine
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: The issue was addressed with improved permissions logic.
CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications
and Gary Nield of ECSC Group plc
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2021-1825: Alex Camboe of Aonâ\x{128}\x{153}s Cyber Solutions
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1817: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1826: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1820: an anonymous researcher
WebKit Storage
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-7463: Megan2013678
Wi-Fi
Available for: macOS Big Sur
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Wi-Fi
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1829: Tielei Wang of Pangu Lab
Wi-Fi
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
system privileges
Description: The issue was addressed with improved permissions logic.
CVE-2021-30655: Gary Nield of ECSC Group plc and Tim
Michaud(@TimGMichaud) of Zoom Video Communications and Wojciech
ReguÃ…\x{130}a (@_r3ggi) of SecuRing
Windows Server
Available for: macOS Big Sur
Impact: A malicious application may be able to unexpectedly leak a
user's credentials from secure text fields
Description: An API issue in Accessibility TCC permissions was
addressed with improved state management.
CVE-2021-1873: an anonymous researcher
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6
jjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne
srCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/
cMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn
QCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv
fE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA
ECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko
T2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE
/fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY
t3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS
v4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1
0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo=
=9+Ju
- -----END PGP SIGNATURE-----
_______________________________________________
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYIeYUuNLKJtyKPYoAQjDBQ/+PvZLv+HcRD88n22RQn69aGiRsXzZ0rUF
r9o9/KAF1byE/q67hn8GiyJD+B4c6UOU0JxKWTvy3jJESNA8kJypyHVDeBjm/SL9
fiNYfC+NLLy3fJmKypoIIJTMkYd4FhffQRgiKetSEX92rTgqmf7yKDm8wQYZKALG
JiWoAndWhyXrJHZmO69LGC8WhUOIDQSsyrn7ryVhdXe4ztwGCSW9ovscTjHKYHWU
2IvDDoaN8eHUwtIOIQwbcQEUjiSrko0oAlYUgqDtxKtOEX/yfZUHOvoEwvUc2Vz1
uJ/6kfq20leWWhr8WT3B5HmMbmFtwFX2aDw+Gj6AU2JVoDjN1PulcGt9xPWMQJd9
MfmUzp5NZH46k+bA+YzvPG698WljCTyOgnIc4U8+WV/qDPtxGsF9EVl5+2byC9am
jwcZCQGN1bRo881y9BmKYAyJBFHjRUxnxQKgJ2DU/l8lSXaVyadyFOmSBfdED4Ac
pfbevQf9tiKi4rgV0N46pB0P9IX/Iz4bbbVpo8dGHUsOBC4/E/f7DFT7FMPzYW2r
7hlq934fJ486h0SH6lEznMn3vOrO3aVknwQSlhOOguVZDlK2U+LxJxkARpngYPag
KmzrMASdQpKKLWKoMJTDmdkD5ZTHsJymhBeDzOS/LJ9iB2J1/DAY9g0QxDMQaCO+
NxIt/ubLWN8=
=U783
-----END PGP SIGNATURE-----