Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.2490
APPLE-SA-2021-07-21-2 macOS Big Sur 11.5
22 July 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: macOS Big Sur
Publisher: Apple
Operating System: Mac OS
Impact/Access: Root Compromise -- Existing Account
Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Unauthorised Access -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-30805 CVE-2021-30803 CVE-2021-30799
CVE-2021-30798 CVE-2021-30797 CVE-2021-30796
CVE-2021-30795 CVE-2021-30793 CVE-2021-30792
CVE-2021-30791 CVE-2021-30790 CVE-2021-30789
CVE-2021-30788 CVE-2021-30787 CVE-2021-30786
CVE-2021-30785 CVE-2021-30784 CVE-2021-30783
CVE-2021-30782 CVE-2021-30781 CVE-2021-30780
CVE-2021-30779 CVE-2021-30778 CVE-2021-30777
CVE-2021-30776 CVE-2021-30775 CVE-2021-30774
CVE-2021-30772 CVE-2021-30768 CVE-2021-30766
CVE-2021-30765 CVE-2021-30760 CVE-2021-30759
CVE-2021-30758 CVE-2021-30748 CVE-2021-3518
Reference: ESB-2021.2485
ESB-2021.2175
ESB-2021.1547
Original Bulletin:
https://support.apple.com/HT212602
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-07-21-2 macOS Big Sur 11.5
macOS Big Sur 11.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212602.
AMD Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30805: ABC Research s.r.o
AppKit
Available for: macOS Big Sur
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day
Initiative
Audio
Available for: macOS Big Sur
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30781: tr3e
AVEVideoEncoder
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30748: George Nosenko
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: macOS Big Sur
Impact: Playing a malicious audio file may lead to an unexpected
application termination
Description: A logic issue was addressed with improved validation.
CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics
Available for: macOS Big Sur
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A race condition was addressed with improved state
handling.
CVE-2021-30786: ryuzaki
CoreServices
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: This issue was addressed with improved checks.
CVE-2021-30772: Zhongcheng Li (CK01)
CoreServices
Available for: macOS Big Sur
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30783: Ron Waisberg (@epsilan)
CoreStorage
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: An injection issue was addressed with improved
validation.
CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video
Communications and Gary Nield of ECSC Group plc
CoreText
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of
Knownsec 404 team
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30774: Yizhuo Wang of Group of Software Security In
Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University
CVMS
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video
Communications
dyld
Available for: macOS Big Sur
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved validation.
CVE-2021-30768: Linus Henze (pinauten.de)
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30760: Sunglin of Knownsec 404 team
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted tiff file may lead to a
denial-of-service or potentially disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day
Initiative
Identity Services
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's recent
Contacts
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30803: Csaba Fitzl (@theevilbit) of Offensive Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of
Trend Micro
Intel Graphics Driver
Available for: macOS Big Sur
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: This issue was addressed with improved checks.
CVE-2021-30787: Anonymous working with Trend Micro Zero Day
Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30766: Liu Long of Ant Security Light-Year Lab
CVE-2021-30765: Liu Long of Ant Security Light-Year Lab
IOKit
Available for: macOS Big Sur
Impact: A local attacker may be able to execute code on the Apple T2
Security Chip
Description: Multiple issues were addressed with improved logic.
CVE-2021-30784: George Nosenko
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab
Kext Management
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed with improved entitlements.
CVE-2021-30778: Csaba Fitzl (@theevilbit) of Offensive Security
libxml2
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2021-3518
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved validation.
CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30792: Anonymous working with Trend Micro Zero Day
Initiative
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30791: Anonymous working with Trend Micro Zero Day
Initiative
Sandbox
Available for: macOS Big Sur
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved checks.
CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: A logic issue was addressed with improved state
management.
CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30758: Christoph Guttandin of Media Codings
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30795: Sergei Glazunov of Google Project Zero
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to code
execution
Description: This issue was addressed with improved checks.
CVE-2021-30797: Ivan Fratric of Google Project Zero
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30799: Sergei Glazunov of Google Project Zero
Additional recognition
configd
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
CoreText
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for
their assistance.
crontabs
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Spotlight
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8YACgkQZcsbuWJ6
jjAHog//cJsC4OL9lXnFSg2S4cf/eiIPNiUv4T2I5DvDFsmeUGF0hXsfKkOgNw+9
Mp4qW/3mzVDoB5nQpyjRie/zGNsmpEKLThakL7z9mJs+lYWhBJOJEZMlZqLD/7hZ
dtBG2K28Ffw7ATeivEVtIY8LbAbPbwQqDd0HpUgtnJH6SWKL+9n4ZnppR8jJWmwi
ltopPIMfzwzon0CejZU+SY2Kfpb5DnerNpthH6idTkgt8btqwoscKzmcvu0Ek8bh
aq/0Mv/RbyUw8WIEZuPFICX+4yPVb/WiVFRVTGOiP/97EibqLGrQceiczBPJTfe4
D2aafbG+eyVMujjVMDPs1/q3T1GEZHBmETj7Pqigar/ymSfJfwnwYdhpPyYbffY7
iwUxvH5HFDeiotlMELeqdx/2sIVtMrx8IEtnaofevOcY1BP2gmQR+G849B0Rixn1
phCMK38NMp+jrWpdgx4MwO23puMBDWyRZdWn+dygwG3cPnr9/hdTOKB1B1wgpuys
3R5DbmSkOVWmtq+bumEafkywH7bA04SX9R7+jNwtXfEE82ToMJmEvLR5/PmCiMDM
N22My4OWcjOjX8AT8wA732Vi6J2qytxMbkIupa794fy9Oea2WTPlFwcw1YKhP4NO
Mvs1tHLJb/hwxc1Nyi4ojPZNYKNn6Gs/E16VEQt+X33bX3vU18E=
=fuQ1
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYPkJt+NLKJtyKPYoAQjgexAAlU6co9ViZ1pOX1/Jhvl2mx6syeOX8mVG
BLkXkWJpXGb/vq2kX5YX+UrTKQkvmfc1f7hi8vUT05NXm6p1oS7lsqyGyxO5GmOc
dyX80kS6R53lvJcEC0IiQ3JsU0XrSTYDvigMt78ekyURaeadKAL9N9tC3Vi1Tmnz
TaY+JVq/3KotsuGfHUQgI8Co/g/lQngFkJ2oReNri2YJDbkmQizR7rAHs96sSvrX
Vdb6Q9ZyARdTcZsrULblnlsRimpl+bmsoxpJvtAP7vfXa8UxEEWcsUrvUZKGMPm+
jB9N/xZARumzx/zT58KR2QBCfRa+fZjEBSj5sLfKNjC9LXN3DVFmnpdaUDGu0x2T
7pw+rVV8BH9icCFPzGcEY8xdAXpHgWzAJeotmRJBc431FGVyBMpcal4K4xrI2lqN
gSUR880wseXivbQZCYFySN2+9/wdNGOPXsYkJCTZE0X6mw7SfrYYBPcA1cgEhA3E
5wgnfyAmmfqe52LrqBEOGSxACek3HMnkKy/rUGT2Sc1Jg3DwkzFEjh4P2n0vjztE
DbW8UqdfNRQ1DJmPrPCjkvsvy3uY4C5PHazAcASPj9lHnMYQRbdSXB3pEje4BAg+
khxZOQlVXQQz0FoAs01LlatjJ4mjq5Lji9lSpAf2hfnqoKNxHg+5VXDJ0UAMIvMP
M7Yr6FhT310=
=k+DU
-----END PGP SIGNATURE-----