Sign-up

ID

VAR-202108-1290


CVE

CVE-2021-30975


TITLE

apple's  Apple Mac OS X  and  macOS  Fraud related to unauthorized authentication in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021144

DESCRIPTION

This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions. apple's Apple Mac OS X and macOS Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-12-15-4 Security Update 2021-008 Catalina Security Update 2021-008 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212981. Archive Utility Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30950: @gorelics Bluetooth Available for: macOS Catalina Impact: A malicious application may be able to disclose kernel memory Description: A logic issue was addressed with improved validation. CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America Bluetooth Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30935: an anonymous researcher ColorSync Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. CVE-2021-30942: Mateusz Jurczyk of Google Project Zero CoreAudio Available for: macOS Catalina Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: macOS Catalina Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab CVE-2021-30961: an anonymous researcher CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab Crash Reporter Available for: macOS Catalina Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Graphics Drivers Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30977: Jack Dates of RET2 Systems, Inc. Help Viewer Available for: macOS Catalina Impact: Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk Description: A path handling issue was addressed with improved validation. CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30981: an anonymous researcher, Liu Long of Ant Security Light-Year Lab IOUSBHostFamily Available for: macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: A race condition was addressed with improved locking. CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero LaunchServices Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved validation. CVE-2021-30990: Ron Masas of BreakPoint.sh LaunchServices Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may disclose memory contents Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security Preferences Available for: macOS Catalina Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t) Sandbox Available for: macOS Catalina Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30975: Ryan Pickren (ryanpickren.com) TCC Available for: macOS Catalina Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics TCC Available for: macOS Catalina Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients Description: A logic issue was addressed with improved state management. CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security Wi-Fi Available for: macOS Catalina Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: This issue was addressed with improved checks. CVE-2021-30938: Xinru Chi of Pangu Lab Additional recognition Admin Framework We would like to acknowledge Simon Andersen of Aarhus University and Pico Mitchell for their assistance. ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance. Contacts We would like to acknowledge Minchan Park (03stin) for their assistance. Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance. Model I/O We would like to acknowledge Rui Yang and Xingwei Lin of Ant Security Light-Year Lab for their assistance. Installation note: This update may be obtained from the Mac App Store Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UncACgkQeC9qKD1p rhjGSBAAoeUkEMVuTZr0ZVlGyC5t9WhyhwA61KTb175rNIYhcZcIXHrNyNZjoSem +clW2k6Cjr4p9pc9aP7JLT47C+FKTQ1zh2FujC2OOsCXm2Wl8hJWS7FIYwpjEXrx ZtklOX826rmYIXrQ4YJhpDgwiIjA8bL8oiRHIA3jz3ZcWsSIg8aFJos+8hkSE7zc dvDnhKTBA02u9TkCMR5Wr+jTnWWT6qyKj99WYxdRlVPkNNOHQC0AldYSkItHCdtg xEx5/3T4zTi1AqCikb1avzPhKSgFHQyZ9BSxVHkcGIo4bgK4Wxlmb6I2/qi9PB6E dJMbwsXKtFxY25GzYbPMeTDeIXeF2wBWfgwUau6kkL77xUXrQZjxh3K2goxnkuid ZRWMhmXZ38NcnkLgYVB8mN3db2/hcgi8+G682Z9EKyzUWpQz+szpZ8pxuIVGcTPV visbanyF6jfLrWrIgrRPfPini/hph51BGZuo2+2aQis/ULgtfvMGTvbirIjP0fa/ AatIMHkYm9EgvjWLLoaFUWMEIAsbkC/YUe3SLVti9h+3Z+jQ+Wbu+6vQhgKHFdC/ cnqcvYCLL/Ltx1ukw4GJD/e+I8F2eY5aRpMxDd4FCjLW2BVxm+JJE+CXcG54HHXX +TY9buDFMorLtIjGaCnQf/5cUo/K2ExhFT8689VkdkPUI8VCBAQ=EWN0 -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2021-30975 // JVNDB: JVNDB-2021-021144 // VULHUB: VHN-390708 // VULMON: CVE-2021-30975 // PACKETSTORM: 165357

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.1

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion:12.0 that's all 12.1

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:11.0 that's all 11.6.2

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-021144 // NVD: CVE-2021-30975

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30975
value: HIGH

Trust: 1.0

NVD: CVE-2021-30975
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202108-2100
value: HIGH

Trust: 0.6

VULHUB: VHN-390708
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30975
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390708
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30975
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-30975
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390708 // JVNDB: JVNDB-2021-021144 // CNNVD: CNNVD-202108-2100 // NVD: CVE-2021-30975

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:Illegal authentication (CWE-863) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-390708 // JVNDB: JVNDB-2021-021144 // NVD: CVE-2021-30975

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2100

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202108-2100

PATCH

title:HT212979 Apple  Security updateurl:https://support.apple.com/en-us/HT212978

Trust: 0.8

title:Apple macOS Big Sur Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176609

Trust: 0.6

sources: JVNDB: JVNDB-2021-021144 // CNNVD: CNNVD-202108-2100

EXTERNAL IDS

db:NVDid:CVE-2021-30975

Trust: 3.5

db:PACKETSTORMid:165357

Trust: 0.8

db:JVNDBid:JVNDB-2021-021144

Trust: 0.8

db:CS-HELPid:SB2021121431

Trust: 0.6

db:AUSCERTid:ESB-2021.4265

Trust: 0.6

db:CNNVDid:CNNVD-202108-2100

Trust: 0.6

db:VULHUBid:VHN-390708

Trust: 0.1

db:VULMONid:CVE-2021-30975

Trust: 0.1

sources: VULHUB: VHN-390708 // VULMON: CVE-2021-30975 // JVNDB: JVNDB-2021-021144 // PACKETSTORM: 165357 // CNNVD: CNNVD-202108-2100 // NVD: CVE-2021-30975

REFERENCES

url:https://support.apple.com/en-us/ht212979

Trust: 2.3

url:https://support.apple.com/en-us/ht212978

Trust: 1.7

url:https://support.apple.com/en-us/ht212981

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30975

Trust: 0.9

url:https://www.cybersecurity-help.cz/vdb/sb2021121431

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4265

Trust: 0.6

url:https://packetstormsecurity.com/files/165357/apple-security-advisory-2021-12-15-4.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30961

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30958

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30969

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30927

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30939

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30941

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30963

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30977

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30976

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30965

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30973

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30931

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30959

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30937

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://support.apple.com/ht212981.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30968

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30940

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30949

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30942

Trust: 0.1

sources: VULHUB: VHN-390708 // VULMON: CVE-2021-30975 // JVNDB: JVNDB-2021-021144 // PACKETSTORM: 165357 // CNNVD: CNNVD-202108-2100 // NVD: CVE-2021-30975

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 165357

SOURCES

db:VULHUBid:VHN-390708
db:VULMONid:CVE-2021-30975
db:JVNDBid:JVNDB-2021-021144
db:PACKETSTORMid:165357
db:CNNVDid:CNNVD-202108-2100
db:NVDid:CVE-2021-30975

LAST UPDATE DATE

2024-08-14T12:46:20.680000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-390708date:2021-12-30T00:00:00
db:VULMONid:CVE-2021-30975date:2021-08-24T00:00:00
db:JVNDBid:JVNDB-2021-021144date:2024-07-18T01:46:00
db:CNNVDid:CNNVD-202108-2100date:2021-12-31T00:00:00
db:NVDid:CVE-2021-30975date:2023-11-07T03:34:09.190

SOURCES RELEASE DATE

db:VULHUBid:VHN-390708date:2021-08-24T00:00:00
db:VULMONid:CVE-2021-30975date:2021-08-24T00:00:00
db:JVNDBid:JVNDB-2021-021144date:2024-07-18T00:00:00
db:PACKETSTORMid:165357date:2021-12-17T19:19:44
db:CNNVDid:CNNVD-202108-2100date:2021-08-24T00:00:00
db:NVDid:CVE-2021-30975date:2021-08-24T19:15:23.167