-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2492
                      Security Update 2021-005 Mojave
                               22 July 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Mojave
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Unauthorised Access             -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30805 CVE-2021-30799 CVE-2021-30796
                   CVE-2021-30793 CVE-2021-30790 CVE-2021-30788
                   CVE-2021-30787 CVE-2021-30783 CVE-2021-30782
                   CVE-2021-30781 CVE-2021-30780 CVE-2021-30777
                   CVE-2021-30766 CVE-2021-30765 CVE-2021-30760
                   CVE-2021-30759 CVE-2021-30733 CVE-2021-30703
                   CVE-2021-30677 CVE-2021-30672 

Reference:         ESB-2021.1797
                   ESB-2021.1796
                   ESB-2021.1794

Original Bulletin: 
   https://support.apple.com/HT212603

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-07-21-4 Security Update 2021-005 Mojave

Security Update 2021-005 Mojave addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212603.

AMD Kernel
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30805: ABC Research s.r.o

AppKit
Available for: macOS Mojave
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day
Initiative

Audio
Available for: macOS Mojave
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30781: tr3e

Bluetooth
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30672: say2 of ENKI

CoreStorage
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: An injection issue was addressed with improved
validation.
CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video
Communications and Gary Nield of ECSC Group plc

CoreText
Available for: macOS Mojave
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30733: Sunglin from the Knownsec 404

CVMS
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video
Communications

FontParser
Available for: macOS Mojave
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30760: Sunglin of Knownsec 404 team

FontParser
Available for: macOS Mojave
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day
Initiative

FontParser
Available for: macOS Mojave
Impact: Processing a maliciously crafted tiff file may lead to a
denial-of-service or potentially disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative

Intel Graphics Driver
Available for: macOS Mojave
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: This issue was addressed with improved checks.
CVE-2021-30787: Anonymous working with Trend Micro Zero Day
Initiative

Intel Graphics Driver
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30765: Liu Long of Ant Security Light-Year Lab
CVE-2021-30766: Liu Long of Ant Security Light-Year Lab

Kernel
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A double free issue was addressed with improved memory
management.
CVE-2021-30703: an anonymous researcher

Kernel
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab

LaunchServices
Available for: macOS Mojave
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)

LaunchServices
Available for: macOS Mojave
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30783: Ron Waisberg (@epsilan)

Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved validation.
CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro

Sandbox
Available for: macOS Mojave
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved checks.
CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security

WebKit
Available for: macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30799: Sergei Glazunov of Google Project Zero

Additional recognition

configd
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

CoreServices
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.

CoreText
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for
their assistance.

crontabs
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

IOKit
We would like to acknowledge George Nosenko for their assistance.

Spotlight
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

Installation note:

This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----