Operating System:

[MAC]

Published:

27 October 2021

Protect yourself against future threats.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3563
                           macOS Big Sur 11.6.1
                              27 October 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS Big Sur
Publisher:         Apple
Operating System:  macOS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Remote with User Interaction
                   Overwrite Arbitrary Files       -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30919 CVE-2021-30917 CVE-2021-30916
                   CVE-2021-30915 CVE-2021-30913 CVE-2021-30912
                   CVE-2021-30911 CVE-2021-30910 CVE-2021-30909
                   CVE-2021-30908 CVE-2021-30907 CVE-2021-30906
                   CVE-2021-30901 CVE-2021-30899 CVE-2021-30892
                   CVE-2021-30883 CVE-2021-30881 CVE-2021-30880
                   CVE-2021-30879 CVE-2021-30877 CVE-2021-30876
                   CVE-2021-30868 CVE-2021-30824 CVE-2021-30821

Original Bulletin: 
   https://support.apple.com/HT212872

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-10-26-4 macOS Big Sur 11.6.1

macOS Big Sur 11.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212872.

AppleScript
Available for: macOS Big Sur
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30876: Jeremy Brown, hjy79425575
CVE-2021-30879: Jeremy Brown, hjy79425575
CVE-2021-30877: Jeremy Brown
CVE-2021-30880: Jeremy Brown

Audio
Available for: macOS Big Sur
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab

Bluetooth
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America

ColorSync
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles. This issue was addressed with improved input
validation.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero

CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919

FileProvider
Available for: macOS Big Sur
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360

iCloud
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga

Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto

Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab, Yinyi Wu (@3ndy1), Jack Dates of RET2 Systems, Inc.

IOGraphics
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video
Communications

IOMobileFrameBuffer
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30883: an anonymous researcher

Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab

Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30916: Zweig of Kunlun Lab

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab

SMB
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs

SoftwareUpdate
Available for: macOS Big Sur
Impact: An unprivileged application may be able to edit NVRAM
variables
Description: The issue was addressed with improved permissions logic.
CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab

SoftwareUpdate
Available for: macOS Big Sur
Impact: A malicious application may gain access to a user's Keychain
items
Description: The issue was addressed with improved permissions logic.
CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab

UIKit
Available for: macOS Big Sur
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos

Windows Server
Available for: macOS Big Sur
Impact: A local attacker may be able to view the previous logged-in
userâ\x{128}\x{153}s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2021-30908: ASentientBot

zsh
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An inherited permissions issue was addressed with
additional restrictions.
CVE-2021-30892: Jonathan Bar Or of Microsoft

Additional recognition

iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.

Installation note:
This update may be obtained from the Mac App Store

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hqoACgkQeC9qKD1p
rhjexhAAtR/7FXVHWotw6RoCYu2agcJCed2Jnnf47+RKSptNEqvMwaknr2eQBUKb
1PQ0vVS3vLGALM73r8Kg1VcxQYTb27uVc1KCkTLIsMHsGLHmH+ZWEVS/ZwfS3nnY
fLxemzNKTYc21935GT8Uvx6pEENh7Tfu+j/arZ4nbhtE04Ggbgxhv78k4wdlLbLI
Z25whdX8EResx9Rh9mRBa/WDvqNfTkXEkjIAf2ge0H9MzzW/wB5UdUOwG/B9zUOi
9S21Xn+QUhIpyaeZ0tUKHJs2g5L3bJtKuXyO5Msd2kkO2942o4ONMiXe7loSEowf
POz/D9Y465T65LFJgTMjwObx716u9JdMlyxr9UIVI2TnQE3WHs6y/jHv1Pz8q5nV
k5o//Fdcp4YHeOdoumGN+o/PvxxQ0XEunVT26msMuntcK4hywOFneufxixVDQFf1
4nP+0JGX+PGfqg5uBNJOi3nJwvjTqA6YtDBEbXBcV5WOCPOPzDTzxeXIp4WxyxH5
UKO5ne2XH2T6O0Vde4enAIXVWAhBMUha8FrHdPYEfWphsYgI7+vYuCYZORHPz6Zf
Yf9svUpqb2u0gDs2iibi0GANw+3vzOaDOV3y4HKighI8xzs8m6+YNyOkcbEPPLyQ
7T5tzulHTMJczutLmpiiFDmIoKE3+s5PGmzrlM1qWUGrfpv+ReY=
=XZJU
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYXjYreNLKJtyKPYoAQg1jw//eFCQM27Nsdd+f6RPUqkO/cFn/yuPGka3
1iMV1MaqhUw9/jS43Ie5NSgZCGmDFQtSKkKLm30kh/SGdYSHVkiuMggf86hefj+m
GwqdoWTOmaJH/kTD3TdghTOolMFYz1QkgUMZtdy9cGZW6JFuEHScIYKmZmL/m1sT
tElxE9mZ/0wm79EIaqVkCZ48nPETaeiMBSf2yyN8pbVl85bcXwWeII7odkVC29Ys
vdX42GpkKazqq+Tp8fj4rge1B0P8M9bD01MIyJzn6mA1V3JSV58R2YGZuwhmDrCt
pS/jM0WM1L3NQfqEJAlgtS+fCsWv9aGRU4C1YGnL0nBRsOsUhRxi6H6tw0tYuCt5
U3kY1BF4GsCDYXD8PmSg1R7rdjg7kK/4G7dClytN30ugh3drrCbdl4r3c5kWexRt
ABQLp6BPr4HveoqYrvgZvvaHswQLPMvtiHQMlP8SGObmHhTphCZc6YzONuK6j7ta
SphpUjTfETevYSRhQ5Q27bm4s3OaqJTDfwSDegIJ0g67Ed+vwqCmF8ZgBv8E7Jxx
I0OB1rnKPGXaFWpsGsnIz+xTrjpDwiRoyV1mqAtbsWAP0jAU0qQsr9ZfGOxJAUYR
6WZPsqw29WKjCKay7a32hVgV5XP3uxDUV3s5D58I7JwmCJAUmRzro789oceIV8iU
CRyUz2AXU/U=
=Hboy
-----END PGP SIGNATURE-----