Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1794
Apple security updates for macOS Big Sur, macOS Catalina and macOS Mojave
25 May 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Big Sur
Catalina
Mojave
Publisher: Apple
Operating System: Mac OS
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Root Compromise -- Existing Account
Increased Privileges -- Existing Account
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote with User Interaction
Unauthorised Access -- Existing Account
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-30749 CVE-2021-30746 CVE-2021-30744
CVE-2021-30743 CVE-2021-30740 CVE-2021-30739
CVE-2021-30738 CVE-2021-30737 CVE-2021-30736
CVE-2021-30735 CVE-2021-30734 CVE-2021-30728
CVE-2021-30727 CVE-2021-30726 CVE-2021-30725
CVE-2021-30724 CVE-2021-30723 CVE-2021-30722
CVE-2021-30721 CVE-2021-30720 CVE-2021-30719
CVE-2021-30718 CVE-2021-30717 CVE-2021-30716
CVE-2021-30715 CVE-2021-30713 CVE-2021-30712
CVE-2021-30710 CVE-2021-30709 CVE-2021-30708
CVE-2021-30707 CVE-2021-30705 CVE-2021-30704
CVE-2021-30702 CVE-2021-30701 CVE-2021-30700
CVE-2021-30698 CVE-2021-30697 CVE-2021-30696
CVE-2021-30695 CVE-2021-30694 CVE-2021-30693
CVE-2021-30692 CVE-2021-30691 CVE-2021-30690
CVE-2021-30689 CVE-2021-30688 CVE-2021-30687
CVE-2021-30686 CVE-2021-30685 CVE-2021-30684
CVE-2021-30683 CVE-2021-30682 CVE-2021-30681
CVE-2021-30680 CVE-2021-30679 CVE-2021-30678
CVE-2021-30677 CVE-2021-30676 CVE-2021-30673
CVE-2021-30671 CVE-2021-30669 CVE-2021-30668
CVE-2021-23841 CVE-2021-21779 CVE-2021-1884
CVE-2021-1883 CVE-2020-36230 CVE-2020-36229
CVE-2020-36228 CVE-2020-36227 CVE-2020-36226
CVE-2020-36225 CVE-2020-36224 CVE-2020-36223
CVE-2020-36222 CVE-2020-36221
Reference: ESB-2021.1420
ESB-2021.1419
ESB-2021.1409.2
ESB-2021.0788
ESB-2021.0429
ESB-2021.0391
Original Bulletin:
https://support.apple.com/en-us/HT212530
https://support.apple.com/en-us/HT212531
https://support.apple.com/en-us/HT212529
Comment: This bulletin contains three (3) Apple security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Security Update 2021-003 Catalina
Released May 24, 2021
AMD
Available for: macOS Catalina
Impact: A local user may be able to cause unexpected system termination or read
kernel memory
Description: A logic issue was addressed with improved state management.
CVE-2021-30676: shrek_wzw
AMD
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30678: Yu Wang of Didi Research America
AppleScript
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Catalina
Impact: Parsing a maliciously crafted audio file may lead to disclosure of user
information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Catalina
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks. This issue
was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CVMS
Available for: macOS Catalina
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Catalina
Impact: A malicious application may be able to access a user's call history
Description: An access issue was addressed with improved access restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Catalina
Impact: A remote attacker may cause an unexpected application termination or
arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Heimdal
Available for: macOS Catalina
Impact: A malicious application may cause a denial of service or potentially
disclose memory contents
Description: A memory corruption issue was addressed with improved state
management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: Processing maliciously crafted server messages may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: A malicious application could execute arbitrary code leading to
compromise of user information
Description: A use after free issue was addressed with improved memory
management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to disclosure of user
information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu
Security
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30743: CFF of Topsec Alpha Team, an anonymous researcher, and
Jeonghoon Shin(@singi21a) of THEORI working with Trend Micro Zero Day
Initiative
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted ASTC file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds
checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved state management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Catalina
Impact: Processing a maliciously crafted message may lead to a denial of
service
Description: A logic issue was addressed with improved state management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Login Window
Available for: macOS Catalina
Impact: A person with physical access to a Mac may be able to bypass Login
Window
Description: A logic issue was addressed with improved state management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An information disclosure issue was addressed with improved state
management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary code
execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved state
management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Catalina
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36229
CVE-2020-36225
CVE-2020-36224
CVE-2020-36223
CVE-2020-36227
CVE-2020-36228
CVE-2020-36221
CVE-2020-36222
CVE-2020-36230
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to perform
denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to execute
arbitrary code
Description: A memory corruption issue was addressed with improved state
management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to leak
sensitive user information
Description: A path handling issue was addressed with improved validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to leak
sensitive user information
Description: An information disclosure issue was addressed with improved state
management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
TCC
Available for: macOS Catalina
Impact: A malicious application may be able to send unauthorized Apple events
to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research Division for
their assistance.
CFString
We would like to acknowledge an anonymous researcher for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-financial
TianQiong Security Lab for their assistance.
Information about products not manufactured by Apple, or independent websites
not controlled or tested by Apple, is provided without recommendation or
endorsement. Apple assumes no responsibility with regard to the selection,
performance, or use of third-party websites or products. Apple makes no
representations regarding third-party website accuracy or reliability. Contact
the vendor for additional information.
Published Date: May 24, 2021
- --------------------------------------------------------------------------------
Security Update 2021-004 Mojave
Released May 24, 2021
AMD
Available for: macOS Mojave
Impact: A local user may be able to cause unexpected system termination or read
kernel memory
Description: A logic issue was addressed with improved state management.
CVE-2021-30676: shrek_wzw
AMD
Available for: macOS Mojave
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30678: Yu Wang of Didi Research America
apache
Available for: macOS Mojave
Impact: Multiple issues in apache
Description: Multiple issues in apache were addressed by updating apache to
version 2.4.46.
CVE-2021-30690: an anonymous researcher
AppleScript
Available for: macOS Mojave
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.
CVE-2021-30669: Yair Hoffmann
Core Services
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks. This issue
was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CVMS
Available for: macOS Mojave
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Heimdal
Available for: macOS Mojave
Impact: A malicious application may cause a denial of service or potentially
disclose memory contents
Description: A memory corruption issue was addressed with improved state
management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Mojave
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Mojave
Impact: Processing maliciously crafted server messages may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Mojave
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Mojave
Impact: A malicious application could execute arbitrary code leading to
compromise of user information
Description: A use after free issue was addressed with improved memory
management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Mojave
Impact: Processing a maliciously crafted image may lead to disclosure of user
information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Mojave
Impact: Processing a maliciously crafted ASTC file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Mojave
Impact: A malicious application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds
checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
Kernel
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved state management.
CVE-2021-30704: an anonymous researcher
Login Window
Available for: macOS Mojave
Impact: A person with physical access to a Mac may be able to bypass Login
Window
Description: A logic issue was addressed with improved state management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An information disclosure issue was addressed with improved state
management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted image may lead to arbitrary code
execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved state
management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Mojave
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Mojave
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36229
CVE-2020-36225
CVE-2020-36224
CVE-2020-36223
CVE-2020-36227
CVE-2020-36228
CVE-2020-36221
CVE-2020-36222
CVE-2020-36230
smbx
Available for: macOS Mojave
Impact: An attacker in a privileged network position may be able to perform
denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Mojave
Impact: An attacker in a privileged network position may be able to execute
arbitrary code
Description: A memory corruption issue was addressed with improved state
management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Mojave
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Mojave
Impact: An attacker in a privileged network position may be able to leak
sensitive user information
Description: A path handling issue was addressed with improved validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Mojave
Impact: An attacker in a privileged network position may be able to leak
sensitive user information
Description: An information disclosure issue was addressed with improved state
management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
Additional recognition
CFString
We would like to acknowledge an anonymous researcher for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-financial
TianQiong Security Lab for their assistance.
Information about products not manufactured by Apple, or independent websites
not controlled or tested by Apple, is provided without recommendation or
endorsement. Apple assumes no responsibility with regard to the selection,
performance, or use of third-party websites or products. Apple makes no
representations regarding third-party website accuracy or reliability. Contact
the vendor for additional information.
Published Date: May 24, 2021
- --------------------------------------------------------------------------------
macOS Big Sur 11.4
Released May 24, 2021
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system termination or read
kernel memory
Description: A logic issue was addressed with improved state management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to disclosure of user
information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks. This issue
was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose restricted
memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30686: Mickey Jin of Trend Micro
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts of the
file system
Description: A logic issue was addressed with improved state management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call history
Description: An access issue was addressed with improved access restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application termination or
arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds
checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with
Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or potentially
disclose memory contents
Description: A memory corruption issue was addressed with improved state
management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading to
compromise of user information
Description: A use after free issue was addressed with improved memory
management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure of user
information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure of user
information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu
Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system termination or read
kernel memory
Description: An out-of-bounds read issue was addressed by removing the
vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero Day
Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds
checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved state management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial of
service
Description: A logic issue was addressed with improved state management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel
privileges
Description: A buffer overflow was addressed with improved size validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its sandbox
Description: This issue was addressed with improved environment sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass Login
Window
Description: A logic issue was addressed with improved state management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Munster University of
Applied Sciences
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An information disclosure issue was addressed with improved state
management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved state
management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary code
execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary files
Description: An issue with path validation logic for hardlinks was addressed
with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to arbitrary code
execution
Description: A memory corruption issue in the ASN.1 decoder was addressed by
removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to perform
denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to execute
arbitrary code
Description: A memory corruption issue was addressed with improved state
management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to leak
sensitive user information
Description: A path handling issue was addressed with improved validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to leak
sensitive user information
Description: An information disclosure issue was addressed with improved state
management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass Login
Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized Apple events
to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy preferences.
Apple is aware of a report that this issue may have been actively exploited.
Description: A permissions issue was addressed with improved validation.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to universal cross
site scripting
Description: A cross-origin issue with iframe elements was addressed with
improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: A use after free issue was addressed with improved memory
management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to universal cross
site scripting
Description: A logic issue was addressed with improved state management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to arbitrary code
execution
Description: Multiple memory corruption issues were addressed with improved
memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working
with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with
Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on arbitrary
servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schutz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved input
validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research Division for
their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-financial
TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day Initiative
and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security for their
assistance.
Information about products not manufactured by Apple, or independent websites
not controlled or tested by Apple, is provided without recommendation or
endorsement. Apple assumes no responsibility with regard to the selection,
performance, or use of third-party websites or products. Apple makes no
representations regarding third-party website accuracy or reliability. Contact
the vendor for additional information.
Published Date: May 24, 2021
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYKyg9+NLKJtyKPYoAQg6Eg//Z+mqsB6/qSf+IpiHZGx5tMNt0oQgKLtW
JU2IxB6PKyj1KBPf7dkWIjBEhQMKLUAw8pSYgp8yvg2QnangSIolTFX6ld7LNnq4
1gdKH0NhBuuSq/OWpUlGlMYtuC9v5RAWem2WwtK2UilisZB+sXmbqF0Q37WLpN20
GofX30MY1WLDHhwr6KPUKeQLqL8fPyzK5oia9OSAKUD+GuR25aNxx6S/5Y5d6JRa
WlvNwQRwmPR71H/WZypXSAi0k60AazPFrLSCjvtaLyvi4q4pCg27B+SER0EbhhH4
CY84Ma/d4j8xie/i3n0CHfdHFr4OO/h5Kb88R0oyo+CSSmslFQ9Vhva1IbIZH6cA
rI+IdEOOgNEvZiU8lNVB/Fv/Hc+7G8B6pKwqpemNg8xXJ05CNqqjgPOI+/w8lZ2Z
9YwgL5t2+Ij/uqLOdkwd4Iv3ob+HzGnMwfRZ2CCbRWC5ohQbtM/9FWgFxiNB2HYO
3foK1yWmsQMUASKuvesIk+yNzwarz9EeatI/qfnBPlgNIc9JQa5f5LrG42W8yFXT
D/oXR4UlhrcJHoYuVT0tIsH3EI3wel8L+0W7IddycasplKS6rpNO1DI2LmY/W77j
uafoEEztrryecWjRQ9l+AXwgnbnpKtt2wth/8rApEZqtAPXDdVk8RZUDii1hsFNd
9KpIjizp7Vw=
=jUwq
-----END PGP SIGNATURE-----