Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.4265 APPLE-SA-2021-12-15-4 Security Update 2021-008 Catalina 16 December 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: macOS Catalina Publisher: Apple Operating System: macOS Impact/Access: Root Compromise -- Existing Account Execute Arbitrary Code/Commands -- Remote with User Interaction Modify Permissions -- Existing Account Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Reduced Security -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2021-30995 CVE-2021-30990 CVE-2021-30982 CVE-2021-30981 CVE-2021-30980 CVE-2021-30979 CVE-2021-30977 CVE-2021-30976 CVE-2021-30975 CVE-2021-30973 CVE-2021-30971 CVE-2021-30969 CVE-2021-30968 CVE-2021-30965 CVE-2021-30963 CVE-2021-30961 CVE-2021-30959 CVE-2021-30958 CVE-2021-30950 CVE-2021-30949 CVE-2021-30945 CVE-2021-30942 CVE-2021-30941 CVE-2021-30940 CVE-2021-30939 CVE-2021-30938 CVE-2021-30937 CVE-2021-30935 CVE-2021-30931 CVE-2021-30929 CVE-2021-30927 CVE-2021-30767 Reference: ESB-2021.4260 ESB-2021.4262 Original Bulletin: https://support.apple.com/HT212981 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-12-15-4 Security Update 2021-008 Catalina Security Update 2021-008 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212981. Archive Utility Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30950: @gorelics Bluetooth Available for: macOS Catalina Impact: A malicious application may be able to disclose kernel memory Description: A logic issue was addressed with improved validation. CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America Bluetooth Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30935: an anonymous researcher ColorSync Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. CVE-2021-30942: Mateusz Jurczyk of Google Project Zero CoreAudio Available for: macOS Catalina Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: macOS Catalina Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab CVE-2021-30961: an anonymous researcher CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab Crash Reporter Available for: macOS Catalina Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Graphics Drivers Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30977: Jack Dates of RET2 Systems, Inc. Help Viewer Available for: macOS Catalina Impact: Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk Description: A path handling issue was addressed with improved validation. CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30981: an anonymous researcher, Liu Long of Ant Security Light-Year Lab IOUSBHostFamily Available for: macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: A race condition was addressed with improved locking. CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero LaunchServices Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved validation. CVE-2021-30990: Ron Masas of BreakPoint.sh LaunchServices Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may disclose memory contents Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security Preferences Available for: macOS Catalina Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t) Sandbox Available for: macOS Catalina Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security Script Editor Available for: macOS Catalina Impact: A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions Description: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. CVE-2021-30975: Ryan Pickren (ryanpickren.com) TCC Available for: macOS Catalina Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics TCC Available for: macOS Catalina Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients Description: A logic issue was addressed with improved state management. CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security Wi-Fi Available for: macOS Catalina Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: This issue was addressed with improved checks. CVE-2021-30938: Xinru Chi of Pangu Lab Additional recognition Admin Framework We would like to acknowledge Simon Andersen of Aarhus University and Pico Mitchell for their assistance. ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance. Contacts We would like to acknowledge Minchan Park (03stin) for their assistance. Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance. Model I/O We would like to acknowledge Rui Yang and Xingwei Lin of Ant Security Light-Year Lab for their assistance. Installation note: This update may be obtained from the Mac App Store Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UncACgkQeC9qKD1p rhjGSBAAoeUkEMVuTZr0ZVlGyC5t9WhyhwA61KTb175rNIYhcZcIXHrNyNZjoSem +clW2k6Cjr4p9pc9aP7JLT47C+FKTQ1zh2FujC2OOsCXm2Wl8hJWS7FIYwpjEXrx ZtklOX826rmYIXrQ4YJhpDgwiIjA8bL8oiRHIA3jz3ZcWsSIg8aFJos+8hkSE7zc dvDnhKTBA02u9TkCMR5Wr+jTnWWT6qyKj99WYxdRlVPkNNOHQC0AldYSkItHCdtg xEx5/3T4zTi1AqCikb1avzPhKSgFHQyZ9BSxVHkcGIo4bgK4Wxlmb6I2/qi9PB6E dJMbwsXKtFxY25GzYbPMeTDeIXeF2wBWfgwUau6kkL77xUXrQZjxh3K2goxnkuid ZRWMhmXZ38NcnkLgYVB8mN3db2/hcgi8+G682Z9EKyzUWpQz+szpZ8pxuIVGcTPV visbanyF6jfLrWrIgrRPfPini/hph51BGZuo2+2aQis/ULgtfvMGTvbirIjP0fa/ AatIMHkYm9EgvjWLLoaFUWMEIAsbkC/YUe3SLVti9h+3Z+jQ+Wbu+6vQhgKHFdC/ cnqcvYCLL/Ltx1ukw4GJD/e+I8F2eY5aRpMxDd4FCjLW2BVxm+JJE+CXcG54HHXX +TY9buDFMorLtIjGaCnQf/5cUo/K2ExhFT8689VkdkPUI8VCBAQ= =EWN0 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYbqSC+NLKJtyKPYoAQiDtA//TvZEF0bTK21KFsPx15bcMw7XHTGWI5h2 aUjy79rECL0t5E3RpcG2ZurFswnNMxvSweEep8Te4LLRUKIxDYyYLYiFcZUctz5x DD5GlimhmaY7yT+kh4JITkbtTiCUuhYWSWz0VptCfCyizd9yBSrOPHKQMP4ptwso Pqnd4y9EJbcKqpBgysdhpP0Zn/3USIMFPCK7BOstCMtqPQh2mPypyNCSQOl40t7R ire2dMrmOqopiMw1ci7yIlgJTdPRbUenkMctrtZddYl3nVot82kG1o72KaqejHzb iY1sqF1shvTzLnrYoA72Vw0qSfvDgTzMeAuzHXazhVEOkrH+6eDcM7zE/tmojauP FiJS3ZMi7whKh4Ggarm07wnqIac6bTze+4uvRPoGEAx5jAQNXTdP9WWrOlwyMEEV KcmfMR3QVxr9/fwHFrGC/V/sX+8uLJjPjgk+8sP3vFlHO2c+kEZ3OzgOUIsmXmVL MEwnsX9b0MC9Q8AViMUAh3bVH+38JZcjWdVQGP8xbLpExH0jzbPil5XzcymjmvHx beR7Ycv2Vhyi3yVghJqW2UGl9fsl7AmsyejERSZWQ1ZYLlpqJGtZ8xf5t5+YLyd7 Z2GBdQzlY0G6CF6wzAP/xk2qsIcPnKdB60uFts2He4rEhTKYIsZmMsV9EvETOODR EPXZue3zQFU= =s8/E -----END PGP SIGNATURE-----