Operating System:

[Mac]

Published:

27 April 2021

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1416
                 Apple security update for macOS Catalina
                               27 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS Catalina
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Arbitrary Files          -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Remote/Unauthenticated      
                   Access Confidential Data        -- Existing Account            
                   Unauthorised Access             -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30652 CVE-2021-1882 CVE-2021-1881
                   CVE-2021-1878 CVE-2021-1876 CVE-2021-1875
                   CVE-2021-1873 CVE-2021-1868 CVE-2021-1860
                   CVE-2021-1857 CVE-2021-1851 CVE-2021-1847
                   CVE-2021-1843 CVE-2021-1840 CVE-2021-1839
                   CVE-2021-1834 CVE-2021-1828 CVE-2021-1824
                   CVE-2021-1813 CVE-2021-1811 CVE-2021-1810
                   CVE-2021-1809 CVE-2021-1808 CVE-2021-1797
                   CVE-2021-1784 CVE-2021-1740 CVE-2021-1739
                   CVE-2020-27942 CVE-2020-8286 CVE-2020-8285
                   CVE-2020-8037 CVE-2020-3838 

Reference:         ESB-2021.1408
                   ESB-2021.1114
                   ESB-2021.0352

Original Bulletin: 
   https://support.apple.com/HT212326

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina

Security Update 2021-002 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212326.

APFS
Available for: macOS Catalina
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann

Archive Utility
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-1810: an anonymous researcher

Audio
Available for: macOS Catalina
Impact: An application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab

CFNetwork
Available for: macOS Catalina
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1857: an anonymous researcher

CoreAudio
Available for: macOS Catalina
Impact: A malicious application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab

CoreGraphics
Available for: macOS Catalina
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1847: Xuwei Liu of Purdue University

CoreText
Available for: macOS Catalina
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab

curl
Available for: macOS Catalina
Impact: A remote attacker may be able to cause a denial of service
Description: A buffer overflow was addressed with improved input
validation.
CVE-2020-8285: xnynx

curl
Available for: macOS Catalina
Impact: An attacker may provide a fraudulent OCSP response that would
appear valid
Description: This issue was addressed with improved checks.
CVE-2020-8286: an anonymous researcher

DiskArbitration
Available for: macOS Catalina
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A permissions issue existed in DiskArbitration. This was
addressed with additional ownership checks.
CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl
(@theevilbit) of Offensive Security, and an anonymous researcher

FontParser
Available for: macOS Catalina
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous
researcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin of Trend Micro

FontParser
Available for: macOS Catalina
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-27942: an anonymous researcher

Foundation
Available for: macOS Catalina
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
CVE-2021-1813: Cees Elzinga

Foundation
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)

ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1843: Ye Zhang of Baidu Security

Intel Graphics Driver
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative

Kernel
Available for: macOS Catalina
Impact: A malicious application may be able to disclose kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1860: @0xalsr

Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1851: @0xalsr

Kernel
Available for: macOS Catalina
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab

libxpc
Available for: macOS Catalina
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2021-30652: James Hutchins

libxslt
Available for: macOS Catalina
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: A double free issue was addressed with improved memory
management.
CVE-2021-1875: Found by OSS-Fuzz

Login Window
Available for: macOS Catalina
Impact: A malicious application with root privileges may be able to
access private information
Description: This issue was addressed with improved entitlements.
CVE-2021-1824: Wojciech ReguÃ…\x{130}a (@_r3ggi) of SecuRing

NSRemoteView
Available for: macOS Catalina
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1876: Matthew Denton of Google Chrome

Preferences
Available for: macOS Catalina
Impact: A local user may be able to modify protected parts of the
file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-1878: Aleksandar Nikolic of Cisco Talos
(talosintelligence.com)

Tailspin
Available for: macOS Catalina
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1868: Tim Michaud of Zoom Communications

tcpdump
Available for: macOS Catalina
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-8037: an anonymous researcher

Time Machine
Available for: macOS Catalina
Impact: A local attacker may be able to elevate their privileges
Description: The issue was addressed with improved permissions logic.
CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications
and Gary Nield of ECSC Group plc

Wi-Fi
Available for: macOS Catalina
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab

wifivelocityd
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
system privileges
Description: The issue was addressed with improved permissions logic.
CVE-2020-3838: Dayton Pidhirney (@_watbulb)

Windows Server
Available for: macOS Catalina
Impact: A malicious application may be able to unexpectedly leak a
user's credentials from secure text fields
Description: An API issue in Accessibility TCC permissions was
addressed with improved state management.
CVE-2021-1873: an anonymous researcher

Installation note:

This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO1YACgkQZcsbuWJ6
jjBNDA//cITX6Bzw+4rkTd58ZQ+2P60B30bvuMWuNmXDEyIHZz0ZMDX7Wymm9SBC
GLQ9mh9XY10/11NjdAiHZIs8BTs18CcOpjODbRTuF7d/plL6eUcsSLVbkC9hoyJF
IOAEawLoqye7f+hlsCbC00NzLlAtsR5PjkqwCTGjGBw8G8qPbLFvh72Qwagr/G05
zeEg3fRM+lecFHUZzXVkdW2WiQ6aO2ejKkhdhSCATnj+xZF1wEz/Wjb3oLQ3qOvq
i8lQg7Vcr64uF0HGCKPBmbINc7yM/ChZjs5oEyxdMc1/rxvU30nSvEc17LsVMIvM
ZJxnjhBjcTi36gL8pM8Lfh57+AG0L/EwVe6onjC7yBneEbfk5dUYuglcAB2uJwgj
V47KS0+5X9bwi33JmI/OpaaVRVCqJBO+iiZQnuQFAFFcC/F2fu6g8uKg8Vo/kg/I
d4ypBrAsybJKZvMUVKBAWb9tS0JlVKpYurl89n9F2N47BkotP4AwDsmTTFZguiG+
sfRL+uAB2xy46VvLTNx71HeFTltc7wmlZOORx7MJ4bcYI/ibJbOq612Q7GyiADeP
cKKpi4snPxv0mOiIsc4dE91RiUWfAUBmw+469EH3IWFQYMpuDtCmQPlHkrTmYu2K
gn1q0sLR6LAX/l9uQxGaSarW2ZXmrj4/dpsfmnRYS8zDDQw/0JQ=
=c954
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYIecm+NLKJtyKPYoAQjgMw//Z9hI/G7obJ7sbczXaQ131MfONIwA76AN
VmqvqFkqO8BRIEjqRHDOZDb32EDl+sYIlpQzALN3ObGbe5bn5KWs3YtIQL8dC3JM
0Vfi3mD5rE2YhUAbjSdyUy7mgTqWKTC9rWCOcpUs7AeqqU0eZiI1gkgiukUJiNXD
mHqwefBK5vg8Y4qBHi+7PC/gfO7oGT5rPTImGhZUCcxM9FXQpIYw/UrruUAL9pir
Sj7fhY8FhawsyCZnvZ6L40uRA9YTUuk9HY2F9jNWvPvxI4GXiXuKEHB6IWn3f0z7
AUWCnsuWOVBxl9OMtsx27eG2lwlmQM1/n3Ly+YhX4p9yn2myieO/+/Dk9Cgw4YxC
5/Uv20DiGT8/YFDrvGeNpEW4P+DkLRo4x8xF5nspNsBbXzifYwXF/P46ysmUus+C
5SDEfuNENuTGldy/L8fjqFC3It5jrD1I0sRnKldK5MXLZ3JL8RZ2nn2tnhqpq/NY
0aEqk+2gJ47ehn5ssY9VEApfw9JGsHNoWgoyKZbpz2FZhcM6sd0zEBqd9F5M+QQj
6hNyT1dm/Dg+spLKL6PzC5fvQ4mOY2F23YGFyH8oRTwOOxesSyDG/6BepkrEfOpd
yk6rXnoDvlc57s/yCGpFHbqldVsT1FUwXKlMD+j66JH+kn34l23S26Me344JvgAD
12l7m0cI/l0=
=JXMY
-----END PGP SIGNATURE-----