-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1417
                  Apple security update for macOS Mojave
                               27 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS Mojave
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Arbitrary Files          -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Provide Misleading Information  -- Remote/Unauthenticated      
                   Access Confidential Data        -- Existing Account            
                   Reduced Security                -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30652 CVE-2021-1881 CVE-2021-1878
                   CVE-2021-1876 CVE-2021-1875 CVE-2021-1873
                   CVE-2021-1868 CVE-2021-1860 CVE-2021-1857
                   CVE-2021-1851 CVE-2021-1847 CVE-2021-1843
                   CVE-2021-1840 CVE-2021-1839 CVE-2021-1834
                   CVE-2021-1828 CVE-2021-1813 CVE-2021-1811
                   CVE-2021-1809 CVE-2021-1808 CVE-2021-1806
                   CVE-2021-1805 CVE-2021-1797 CVE-2021-1784
                   CVE-2021-1739 CVE-2020-27942 CVE-2020-8286
                   CVE-2020-8285 CVE-2020-8037 CVE-2020-3838

Reference:         ESB-2021.1408
                   ESB-2021.0467
                   ESB-2021.0354

Original Bulletin: 
   https://support.apple.com/HT212327

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave

Security Update 2021-003 Mojave addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212327.

APFS
Available for: macOS Mojave
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann

Audio
Available for: macOS Mojave
Impact: An application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab

CFNetwork
Available for: macOS Mojave
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1857: an anonymous researcher

CoreAudio
Available for: macOS Mojave
Impact: A malicious application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab

CoreGraphics
Available for: macOS Mojave
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1847: Xuwei Liu of Purdue University

CoreText
Available for: macOS Mojave
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab

curl
Available for: macOS Mojave
Impact: A remote attacker may be able to cause a denial of service
Description: A buffer overflow was addressed with improved input
validation.
CVE-2020-8285: xnynx

curl
Available for: macOS Mojave
Impact: An attacker may provide a fraudulent OCSP response that would
appear valid
Description: This issue was addressed with improved checks.
CVE-2020-8286: an anonymous researcher

DiskArbitration
Available for: macOS Mojave
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A permissions issue existed in DiskArbitration. This was
addressed with additional ownership checks.
CVE-2021-1784: Csaba Fitzl (@theevilbit) of Offensive Security, an
anonymous researcher, and Mikko Kenttälä (@Turmio_) of SensorFu

FontParser
Available for: macOS Mojave
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous
researcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin of Trend Micro

FontParser
Available for: macOS Mojave
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-27942: an anonymous researcher

Foundation
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
CVE-2021-1813: Cees Elzinga

ImageIO
Available for: macOS Mojave
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1843: Ye Zhang of Baidu Security

Intel Graphics Driver
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative

Intel Graphics Driver
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with additional
validation.
CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative

Intel Graphics Driver
Available for: macOS Mojave
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative

Kernel
Available for: macOS Mojave
Impact: A malicious application may be able to disclose kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1860: @0xalsr

Kernel
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1851: @0xalsr

Kernel
Available for: macOS Mojave
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab

libxpc
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2021-30652: James Hutchins

libxslt
Available for: macOS Mojave
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: A double free issue was addressed with improved memory
management.
CVE-2021-1875: Found by OSS-Fuzz

NSRemoteView
Available for: macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1876: Matthew Denton of Google Chrome

Preferences
Available for: macOS Mojave
Impact: A local user may be able to modify protected parts of the
file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

smbx
Available for: macOS Mojave
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-1878: Aleksandar Nikolic of Cisco Talos
(talosintelligence.com)

Tailspin
Available for: macOS Mojave
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1868: Tim Michaud of Zoom Communications

tcpdump
Available for: macOS Mojave
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-8037: an anonymous researcher

Time Machine
Available for: macOS Mojave
Impact: A local attacker may be able to elevate their privileges
Description: The issue was addressed with improved permissions logic.
CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications
and Gary Nield of ECSC Group plc

Wi-Fi
Available for: macOS Mojave
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab

wifivelocityd
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
system privileges
Description: The issue was addressed with improved permissions logic.
CVE-2020-3838: Dayton Pidhirney (@_watbulb)

Windows Server
Available for: macOS Mojave
Impact: A malicious application may be able to unexpectedly leak a
user's credentials from secure text fields
Description: An API issue in Accessibility TCC permissions was
addressed with improved state management.
CVE-2021-1873: an anonymous researcher

Installation note:

This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO2EACgkQZcsbuWJ6
jjBHBhAAmHYbcREaaxOXQwrb56He+ool1GyXUCGknHRnEO6Ik0nyE/GeUPuv8Y/Q
/ywr188mv3ehtjFlXWpHtqwOn0KoNlAlcE+jy9r3QGTxNmBM2z30FeC0wiYYEi7s
I5xWkZIcnO1jq2CMGVHHfbLhyLnkWblwWvCOWriCRzbTocEWgEqwrh/uguTVRWB4
oVo8+uHcdiS2gqS0LIMbbvP6SGkfPwVlL8Mr/e96xdditiRbZX01GkAm0l5ezYHt
xrs8378fmQK3su4dHrkHpFpTmT3Yib8Jtotat8cgu6lWxLGEFR5kOye4QIjFCl/a
UhnR52nlMyYlh4anbqUs7PAh2QDVa3scaRfGTdAogPfaZIAhaaiuj8qXUOsAxEhk
rf0TOXmgCDfhuaA08Ys43sgUgunPLOa2+jMT4VspLZxDTkWLDrGFjlM4P5643WrT
ITAKLoqq8SOhce6gd3VECvG+EK/fBWrdwzsVDzfxU3yW3kSCKxX25KcRePwJZAAu
s1ZZpIZdY7rmi1DwafNSig2dncjUZJy6AhiI5w6cpQzBOQVioU8oac2JDi1X2Rn1
k/D3VQfmYas7HGqUSwx3MUx+yybktm+8Ogo+vtcRKCzUF5t13bwpyAda0mJ62c6L
I/ISWomRdC4XX3AQL5EJLzO9slpOBqWsbQb0cULdt+mb4H+nLDE=
=NZ77
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYIecq+NLKJtyKPYoAQiedg//V/axOIs8dOeNnIx0DMS9oSEW/jX9y5ad
RrUHBPza0F3kHYTTn7eAT71aiTyDPkp7zxJ80LKeAhI5rUIERw5Oag2wOpWGo9Gg
PB29xC6oG5fokL9LKWgBHromQwf/UBy//3CF0b5706ona1Wu8WnR+w/fIn3tj4R4
VSR2/grXjfakXuDZa6lomtna7QUKTVoZNHkzHM/A89HCpWrMc9eiGQXO2ac7EvVY
GFvFwpJfxNeSkBhrQsoS6mZ35u9NQeYOA7sCRuP330SARI166oEbSMj6UBaHx53i
PkB8OgKATGTINa/Ja0T47rY8OCmHeRxpmSrH9oSQMp54XunIY4vTm+tUUXCvWKCJ
+9DfAvdZcgx4EWcLh992V5LlV+mRMFFPipFJgIBFr+XEcUe674uRqn1z+Dk3pxiL
1+X2MUVGbx3y4ALSivrUsQjf1p7fNjTq8lYvfva6TAxrUL1yrxb8/q0wIwcR2hUk
bZtYX4jiJnl1LIHljeeiJiCibBpWXwKhHMYGDxWiATcCexxNxgsQhkPyISmqcxQy
VHrH58A1Aan0knNjFLrvjYFH8NRMiRbwCXK/YECP/iCRMRyvO2lNIZD0xlRzJU1U
OnutMQBCZbS/UK5WXy1ZLUUI1JINyky0DBR+sHvpYU0xuSYSAwnMfhQt2yef+Y80
ogdJKKQfMfo=
=Yxpi
-----END PGP SIGNATURE-----