VARIoT IoT vulnerabilities database

VAR-202108-2118 | CVE-2021-30874 | Missing authentication vulnerability in multiple Apple products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A VPN configuration may be installed by an app without user permission. Apple's iPadOS, iOS, and macOS contain a vulnerability related to missing authentication. Information may be tampered with. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none
VAR-202108-2122 | CVE-2021-30852 | Mistype vulnerability in multiple Apple products |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution. Multiple Apple products, including iPadOS, iOS, and macOS, have a type confusion vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-10 Additional information for
APPLE-SA-2021-09-20-2 watchOS 8
watchOS 8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212819.
Accessory Manager
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2021-30837: an anonymous researcher
AppleMobileFileIntegrity
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to read sensitive information
Description: This issue was addressed with improved checks.
CVE-2021-30811: an anonymous researcher working with Compartir
bootp
Available for: Apple Watch Series 3 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium)
Entry added October 25, 2021
CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a malicious audio file may result in unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab
Entry added October 25, 2021
FaceTime
Available for: Apple Watch Series 3 and later
Impact: An application with microphone permission may unexpectedly
access microphone input during a FaceTime call
Description: A logic issue was addressed with improved validation.
CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime
Entry added October 25, 2021
FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
Entry added October 25, 2021
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30835: Ye Zhang of Baidu Security
CVE-2021-30847: Mike Zhang of Pangu Lab
Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
libexpat
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Preferences
Available for: Apple Watch Series 3 and later
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Preferences
Available for: Apple Watch Series 3 and later
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Sandbox
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved checks.
CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: The issue was resolved with additional restrictions on
CSS compositing.
CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research
Entry added October 25, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: An attacker in a privileged network position may be able to
bypass HSTS
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30823: David Gullasch of Recurity Labs
Entry added October 25, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs
Entry added October 25, 2021
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30851: Samuel Groß of Google Project Zero
Wi-Fi
Available for: Apple Watch Series 3 and later
Impact: An attacker in physical proximity may be able to force a user
onto a malicious Wi-Fi network during device setup
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30810: an anonymous researcher
Additional recognition
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
UIKit
We would like to acknowledge an anonymous researcher for their
assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
VAR-202108-2083 | CVE-2021-30912 | Improper permission preservation vulnerability in Apple Mac OS X and macOS |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access to a user's Keychain items. Apple Mac OS X and macOS contain an improper permission preservation vulnerability. Information may be obtained.
Information about the security content is also available at
https://support.apple.com/HT212872.
AppleScript
Available for: macOS Big Sur
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30876: Jeremy Brown, hjy79425575
CVE-2021-30879: Jeremy Brown, hjy79425575
CVE-2021-30877: Jeremy Brown
CVE-2021-30880: Jeremy Brown
Audio
Available for: macOS Big Sur
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab
Bluetooth
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America
ColorSync
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero
CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919
FileProvider
Available for: macOS Big Sur
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360
iCloud
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab, Yinyi Wu (@3ndy1), Jack Dates of RET2 Systems, Inc.
IOGraphics
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video
Communications
IOMobileFrameBuffer
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
CVE-2021-30883: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30916: Zweig of Kunlun Lab
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
SMB
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs
SoftwareUpdate
Available for: macOS Big Sur
Impact: An unprivileged application may be able to edit NVRAM
variables
Description: The issue was addressed with improved permissions logic.
CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
SoftwareUpdate
Available for: macOS Big Sur
Impact: A malicious application may gain access to a user's Keychain
items
Description: The issue was addressed with improved permissions logic.
CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
UIKit
Available for: macOS Big Sur
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos
Windows Server
Available for: macOS Big Sur
Impact: A local attacker may be able to view the previous logged-in
user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2021-30908: ASentientBot
zsh
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An inherited permissions issue was addressed with
additional restrictions.
CVE-2021-30892: Jonathan Bar Or of Microsoft
Additional recognition
iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
Installation note:
This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
VAR-202109-0772 | CVE-2021-23051 | Vulnerabilities in multiple F5 Networks products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Multiple F5 Networks products contain unspecified vulnerabilities. This vulnerability is caused by an incomplete fix for CVE-2020-5862. Service operation may be interrupted (DoS).
VAR-202108-2085 | CVE-2021-30911 | Out-of-bounds read vulnerability in multiple Apple products |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, iOS 15.1 and iPadOS 15.1, macOS Big Sur 11.6.1. Processing a maliciously crafted USD file may disclose memory contents. Multiple Apple products, including iPadOS, iOS, and Apple Mac OS X, contain out-of-bounds read vulnerabilities. Information may be obtained. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.
CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab, Yinyi Wu (@3ndy1), Jack Dates of RET2 Systems, Inc.
CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video
Communications
IOMobileFrameBuffer
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs
SoftwareUpdate
Available for: macOS Big Sur
Impact: An unprivileged application may be able to edit NVRAM
variables
Description: The issue was addressed with improved permissions logic.
CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
SoftwareUpdate
Available for: macOS Big Sur
Impact: A malicious application may gain access to a user's Keychain
items
Description: The issue was addressed with improved permissions logic.
CVE-2021-30915: Kostas Angelopoulos
Windows Server
Available for: macOS Big Sur
Impact: A local attacker may be able to view the previous logged-in
user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2021-30908: ASentientBot
zsh
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An inherited permissions issue was addressed with
additional restrictions.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-1 iOS 15.1 and iPadOS 15.1
iOS 15.1 and iPadOS 15.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212867.
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab
ColorSync
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero
Continuity Camera
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30903: an anonymous researcher
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro
CoreGraphics
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919
FileProvider
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30900: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30914: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab
iCloud
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga
Image Processing
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30894: Pan ZhenPeng (@Peterpan0927) of Alibaba Security
Pandora Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30886: @0xalsr
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30916: Zweig of Kunlun Lab
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to view contacts from the lock
screen
Description: A lock screen issue allowed access to contacts on a
locked device.
CVE-2021-30875: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain
College of Technology
UIKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos
Voice Control
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30902: 08Tc3wBB of ZecOps Mobile EDR Team
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
unexpectedly unenforced Content Security Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt.
Ltd.
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30890: an anonymous researcher
Additional recognition
iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
Mail
We would like to acknowledge Fabian Ising and Damian Poddebniak of
Münster University of Applied Sciences for their assistance.
NetworkExtension
We would like to acknowledge Alex Bauer of Branch for their
assistance.
WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero,
Pavel Gromadchuk, an anonymous researcher for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "15.1"
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
VAR-202108-2075 | CVE-2021-30882 | Vulnerabilities in multiple Apple products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A logic issue was addressed with improved validation. This issue is fixed in watchOS 8, iOS 15 and iPadOS 15. An application with microphone permission may unexpectedly access microphone input during a FaceTime call. Apple's iPadOS, iOS, and watchOS contain unspecified vulnerabilities. Information may be tampered with. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none
VAR-202108-2066 | CVE-2021-30881 | Input validation vulnerability in multiple Apple products |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An input validation issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Unpacking a maliciously crafted archive may lead to arbitrary code execution. Multiple Apple products, including iPadOS, iOS, and Apple Mac OS X, contain vulnerabilities related to input validation. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-3 macOS Monterey 12.0.1
macOS Monterey 12.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212869.
AppKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30873: Thijs Alkemade of Computest
AppleScript
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30876: Jeremy Brown, hjy79425575
CVE-2021-30879: Jeremy Brown, hjy79425575
CVE-2021-30877: Jeremy Brown
CVE-2021-30880: Jeremy Brown
Audio
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab
Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America
ColorSync
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero
Continuity Camera
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30903: an anonymous researcher
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro
CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919
FileProvider
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360
Game Center
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to access information
about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30895: Denis Tokarev
Game Center
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to read user's gameplay
data
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30896: Denis Tokarev
iCloud
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab, Jack Dates of
RET2 Systems, Inc.
IOGraphics
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video
Communications
IOMobileFrameBuffer
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30883: an anonymous researcher
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30886: @0xalsr
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30916: Zweig of Kunlun Lab
LaunchServices
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30864: Ron Hass (@ronhass7) of Perception Point
Login Window
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A person with access to a host Mac may be able to bypass the
Login Window in Remote Desktop for a locked instance of macOS
Description: This issue was addressed with improved checks.
CVE-2021-30813: Benjamin Berger of BBetterTech LLC, Peter Goedtkindt
of Informatique-MTF S.A., an anonymous researcher
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to read sensitive information
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30920: Csaba Fitzl (@theevilbit) of Offensive Security
SMB
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs
SoftwareUpdate
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may gain access to a user's Keychain
items
Description: The issue was addressed with improved permissions logic.
CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
SoftwareUpdate
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An unprivileged application may be able to edit NVRAM
variables
Description: The issue was addressed with improved permissions logic.
CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
UIKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An attacker in a privileged network position may be able to
bypass HSTS
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30823: David Gullasch of Recurity Labs
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
unexpectedly unenforced Content Security Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt.
Ltd.
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30861: Wojciech Reguła (@_r3ggi), Ryan Pickren
(ryanpickren.com)
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30890: an anonymous researcher
Windows Server
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to view the previous logged in
user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2021-30908: ASentientBot
xar
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Unpacking a maliciously crafted archive may allow an attacker
to write arbitrary files
Description: This issue was addressed with improved checks.
CVE-2021-30833: Richard Warren of NCC Group
zsh
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An inherited permissions issue was addressed with
additional restrictions.
CVE-2021-30892: Jonathan Bar Or of Microsoft
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
App Support
We would like to acknowledge an anonymous researcher, 漂亮鼠 of 赛博回忆录
for their assistance.
Bluetooth
We would like to acknowledge say2 of ENKI for their assistance.
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Mail
We would like to acknowledge Fabian Ising and Damian Poddebniak of
Münster University of Applied Sciences for their assistance.
Managed Configuration
We would like to acknowledge Michal Moravec of Logicworks, s.r.o. for
their assistance.
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero,
Pavel Gromadchuk, an anonymous researcher for their assistance.
Installation note:
This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
Apple is aware of a report that this issue may
have been actively exploited.
Alternatively, on your watch, select "My Watch > General > About"
VAR-202109-0788 | CVE-2021-23050 | Vulnerabilities in multiple F5 Networks products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NGINX App Protect on all versions before 3.5.0, when a cross-site request forgery (CSRF)-enabled policy is configured on a virtual server, an undisclosed HTML response may cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Advanced WAF, BIG-IP ASM, and NGINX App Protect contain an unspecified vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in the F5 BIG-IP. The vulnerability stems from the fact that an attacker can cause a fatal error through the CSRF policy of F5 BIG-IP WAF/ASM, thereby triggering a denial of service.
VAR-202109-0784 | CVE-2021-23046 | Vulnerability regarding information leakage from log files in Guided Configuration |
CVSS V2: 3.5 CVSS V3: 4.9 Severity: MEDIUM |
On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged in restnoded logs. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. The vulnerability stems from the fact that attackers can use F5 BIG-IP's Logged AGC Secure Properties to bypass data access restrictions and obtain sensitive information
VAR-202108-2057 | CVE-2021-30883 | Out-of-bounds write vulnerability in multiple Apple products |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Multiple Apple products, including iPadOS, iOS, and macOS, have an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-3 macOS Monterey 12.0.1
macOS Monterey 12.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212869.
AppKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30873: Thijs Alkemade of Computest
AppleScript
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30876: Jeremy Brown, hjy79425575
CVE-2021-30879: Jeremy Brown, hjy79425575
CVE-2021-30877: Jeremy Brown
CVE-2021-30880: Jeremy Brown
Audio
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab
Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America
ColorSync
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero
Continuity Camera
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30903: an anonymous researcher
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro
CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919
FileProvider
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360
Game Center
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to access information
about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30895: Denis Tokarev
Game Center
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to read user's gameplay
data
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30896: Denis Tokarev
iCloud
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab, Jack Dates of
RET2 Systems, Inc.
IOGraphics
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video
Communications
IOMobileFrameBuffer
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30883: an anonymous researcher
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30886: @0xalsr
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30916: Zweig of Kunlun Lab
LaunchServices
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30864: Ron Hass (@ronhass7) of Perception Point
Login Window
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A person with access to a host Mac may be able to bypass the
Login Window in Remote Desktop for a locked instance of macOS
Description: This issue was addressed with improved checks.
CVE-2021-30813: Benjamin Berger of BBetterTech LLC, Peter Goedtkindt
of Informatique-MTF S.A., an anonymous researcher
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to read sensitive information
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30920: Csaba Fitzl (@theevilbit) of Offensive Security
SMB
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs
SoftwareUpdate
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may gain access to a user's Keychain
items
Description: The issue was addressed with improved permissions logic.
CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
SoftwareUpdate
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An unprivileged application may be able to edit NVRAM
variables
Description: The issue was addressed with improved permissions logic.
CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
UIKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An attacker in a privileged network position may be able to
bypass HSTS
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30823: David Gullasch of Recurity Labs
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
unexpectedly unenforced Content Security Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt.
Ltd.
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30861: Wojciech Reguła (@_r3ggi), Ryan Pickren
(ryanpickren.com)
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30890: an anonymous researcher
Windows Server
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to view the previous logged in
user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2021-30908: ASentientBot
xar
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Unpacking a maliciously crafted archive may allow an attacker
to write arbitrary files
Description: This issue was addressed with improved checks.
CVE-2021-30833: Richard Warren of NCC Group
zsh
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An inherited permissions issue was addressed with
additional restrictions.
CVE-2021-30892: Jonathan Bar Or of Microsoft
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
App Support
We would like to acknowledge an anonymous researcher, 漂亮鼠 of 赛博回忆录
for their assistance.
Bluetooth
We would like to acknowledge say2 of ENKI for their assistance.
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Mail
We would like to acknowledge Fabian Ising and Damian Poddebniak of
Münster University of Applied Sciences for their assistance.
Managed Configuration
We would like to acknowledge Michal Moravec of Logicworks, s.r.o. for
their assistance.
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero,
Pavel Gromadchuk, an anonymous researcher for their assistance.
Installation note:
This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates.
CVE-2021-30894: Pan ZhenPeng (@Peterpan0927) of Alibaba Security
Pandora Lab
IOMobileFrameBuffer
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges.
Installation note:
Apple TV will periodically check for software updates.
Alternatively, on your watch, select "My Watch > General > About"
VAR-202108-1290 | CVE-2021-30975 | Fraud related to unauthorized authentication in Apple Mac OS X and macOS |
CVSS V2: 6.8 CVSS V3: 8.6 Severity: HIGH |
This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions. A fraudulent authentication vulnerability exists in Apple Mac OS X and macOS. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-12-15-4 Security Update 2021-008 Catalina
Security Update 2021-008 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212981.
Archive Utility
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30950: @gorelics
Bluetooth
Available for: macOS Catalina
Impact: A malicious application may be able to disclose kernel memory
Description: A logic issue was addressed with improved validation.
CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America
Bluetooth
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30935: an anonymous researcher
ColorSync
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue in the processing of ICC
profiles was addressed with improved input validation.
CVE-2021-30942: Mateusz Jurczyk of Google Project Zero
CoreAudio
Available for: macOS Catalina
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: macOS Catalina
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab
CVE-2021-30961: an anonymous researcher
CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter
Available for: macOS Catalina
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Graphics Drivers
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-30977: Jack Dates of RET2 Systems, Inc.
Help Viewer
Available for: macOS Catalina
Impact: Processing a maliciously crafted URL may cause unexpected
JavaScript execution from a file on disk
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab, Mickey Jin (@patch1t) of Trend Micro
Intel Graphics Driver
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-30981: an anonymous researcher, Liu Long of Ant Security
Light-Year Lab
IOUSBHostFamily
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: A race condition was addressed with improved locking.
CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America
Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30927: Xinru Chi of Pangu Lab
CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30949: Ian Beer of Google Project Zero
LaunchServices
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved validation.
CVE-2021-30990: Ron Masas of BreakPoint.sh
LaunchServices
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent
Security Xuanwu Lab
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security
Preferences
Available for: macOS Catalina
Impact: A malicious application may be able to elevate privileges
Description: A race condition was addressed with improved state
handling.
CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin
(@patch1t)
Sandbox
Available for: macOS Catalina
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: A validation issue related to hard link behavior was
addressed with improved sandbox restrictions.
CVE-2021-30975: Ryan Pickren (ryanpickren.com)
TCC
Available for: macOS Catalina
Impact: A local user may be able to modify protected parts of the
file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30767: @gorelics
TCC
Available for: macOS Catalina
Impact: A malicious application may be able to cause a denial of
service to Endpoint Security clients
Description: A logic issue was addressed with improved state
management.
CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security
Wi-Fi
Available for: macOS Catalina
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: This issue was addressed with improved checks.
CVE-2021-30938: Xinru Chi of Pangu Lab
Additional recognition
Admin Framework
We would like to acknowledge Simon Andersen of Aarhus University and
Pico Mitchell for their assistance.
ColorSync
We would like to acknowledge Mateusz Jurczyk of Google Project Zero
for their assistance.
Contacts
We would like to acknowledge Minchan Park (03stin) for their
assistance.
Kernel
We would like to acknowledge Amit Klein of Bar-Ilan University's
Center for Research in Applied Cryptography and Cyber Security for
their assistance.
Model I/O
We would like to acknowledge Rui Yang and Xingwei Lin of Ant Security
Light-Year Lab for their assistance.
Installation note:
This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
VAR-202108-2072 | CVE-2021-30857 | Race condition vulnerability in multiple Apple products |
CVSS V2: 7.6 CVSS V3: 7.0 Severity: HIGH |
A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges. Race condition vulnerabilities exist in multiple Apple products (iPadOS, iOS, Apple Mac OS X). Information may be obtained or tampered with, and service operation may be interrupted (DoS). ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information about the security content is also available at
https://support.apple.com/HT212804.
CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
Entry added September 20, 2021
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 20, 2021
Gatekeeper
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
Entry added September 20, 2021
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30847: Mike Zhang of Pangu Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30859: Apple
Entry added September 20, 2021
libexpat
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Entry added September 20, 2021
Preferences
Available for: macOS Big Sur
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Entry added September 20, 2021
Sandbox
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A remote attacker may be able to leak memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30858: an anonymous researcher
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
App Support
We would like to acknowledge @CodeColorist, an anonymous researcher
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Entry added September 20, 2021
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added September 20, 2021
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Entry added September 20, 2021
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added September 20, 2021
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
VAR-202108-1294 | CVE-2021-30979 | Classic buffer overflow vulnerability in multiple Apple products |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Classic buffer overflow vulnerabilities exist in multiple Apple products (iPadOS, iOS, Apple Mac OS X). Information may be obtained or tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ModelIO framework. Crafted data in an ABC file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
VAR-202109-0783 | CVE-2021-23034 | Vulnerability related to resource disclosure to the wrong area in multiple F5 Networks products |
CVSS V2: 7.1 CVSS V3: 7.5 Severity: HIGH |
On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cache resolver is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Multiple F5 Networks products contain a vulnerability related to resource disclosure to the wrong area. Service operation may be interrupted (DoS).
VAR-202109-0774 | CVE-2021-23053 | Resource exhaustion vulnerability in BIG-IP Advanced WAF and BIG-IP ASM |
CVSS V2: 4.3 CVSS V3: 5.3 Severity: MEDIUM |
On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MySQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. A resource exhaustion vulnerability exists in BIG-IP Advanced WAF and BIG-IP ASM. Service operation may be interrupted (DoS). F5 BIG-IP is an application delivery platform from the US company F5 that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP. The vulnerability stems from the fact that attackers can use the Brute Force of F5 BIG-IP WAF/ASM to fill the database and cause fatal errors to trigger denial of service.
VAR-202108-2053 | CVE-2021-30896 | Vulnerabilities in multiple Apple products |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to read user's gameplay data. Unspecified vulnerabilities exist in multiple Apple products (iPadOS, iOS, macOS). Information may be obtained. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.
Information about the security content is also available at
https://support.apple.com/HT212869.
AppKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30873: Thijs Alkemade of Computest
AppleScript
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30876: Jeremy Brown, hjy79425575
CVE-2021-30879: Jeremy Brown, hjy79425575
CVE-2021-30877: Jeremy Brown
CVE-2021-30880: Jeremy Brown
Audio
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab
Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America
ColorSync
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero
Continuity Camera
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30903: an anonymous researcher
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro
CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919
FileProvider
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360
Game Center
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to access information
about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30895: Denis Tokarev
Game Center
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to read user's gameplay
data
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30896: Denis Tokarev
iCloud
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab, Jack Dates of
RET2 Systems, Inc.
IOGraphics
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video
Communications
IOMobileFrameBuffer
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30883: an anonymous researcher
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30886: @0xalsr
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30916: Zweig of Kunlun Lab
LaunchServices
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30864: Ron Hass (@ronhass7) of Perception Point
Login Window
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A person with access to a host Mac may be able to bypass the
Login Window in Remote Desktop for a locked instance of macOS
Description: This issue was addressed with improved checks.
CVE-2021-30813: Benjamin Berger of BBetterTech LLC, Peter Goedtkindt
of Informatique-MTF S.A., an anonymous researcher
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to read sensitive information
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30920: Csaba Fitzl (@theevilbit) of Offensive Security
SMB
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs
SoftwareUpdate
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may gain access to a user's Keychain
items
Description: The issue was addressed with improved permissions logic.
CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
SoftwareUpdate
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An unprivileged application may be able to edit NVRAM
variables
Description: The issue was addressed with improved permissions logic.
CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
UIKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An attacker in a privileged network position may be able to
bypass HSTS
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30823: David Gullasch of Recurity Labs
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
unexpectedly unenforced Content Security Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt.
Ltd.
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30861: Wojciech Reguła (@_r3ggi), Ryan Pickren
(ryanpickren.com)
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30890: an anonymous researcher
Windows Server
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to view the previous logged in
user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2021-30908: ASentientBot
xar
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Unpacking a maliciously crafted archive may allow an attacker
to write arbitrary files
Description: This issue was addressed with improved checks.
CVE-2021-30833: Richard Warren of NCC Group
zsh
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An inherited permissions issue was addressed with
additional restrictions.
CVE-2021-30892: Jonathan Bar Or of Microsoft
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
App Support
We would like to acknowledge an anonymous researcher, 漂亮鼠 of 赛博回忆录
for their assistance.
Bluetooth
We would like to acknowledge say2 of ENKI for their assistance.
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Mail
We would like to acknowledge Fabian Ising and Damian Poddebniak of
Münster University of Applied Sciences for their assistance.
Managed Configuration
We would like to acknowledge Michal Moravec of Logicworks, s.r.o. for
their assistance.
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero,
Pavel Gromadchuk, an anonymous researcher for their assistance.
Installation note:
This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
CVE-2021-30894: Pan ZhenPeng (@Peterpan0927) of Alibaba Security
Pandora Lab
IOMobileFrameBuffer
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Installation note:
Apple TV will periodically check for software updates.
Alternatively, on your watch, select "My Watch > General > About"
VAR-202108-2119 | CVE-2021-30867 | Authentication vulnerabilities in multiple Apple products |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
The issue was addressed with improved authentication. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access photo metadata without needing permission to access photos. An authentication vulnerability exists in Apple's iPadOS, iOS, and macOS. Information may be obtained. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none
VAR-202108-2048 | CVE-2021-30903 | Vulnerabilities in multiple Apple products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
This issue was addressed with improved checks. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1. A local attacker may be able to cause unexpected application termination or arbitrary code execution. Unspecified vulnerabilities exist in multiple Apple products, including iPadOS, iOS, and Apple Mac OS X. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
Information about the security content is also available at
https://support.apple.com/HT212869.
AppKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30873: Thijs Alkemade of Computest
AppleScript
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30876: Jeremy Brown, hjy79425575
CVE-2021-30879: Jeremy Brown, hjy79425575
CVE-2021-30877: Jeremy Brown
CVE-2021-30880: Jeremy Brown
Audio
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab
Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America
ColorSync
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero
Continuity Camera
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30903: an anonymous researcher
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro
CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919
FileProvider
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360
Game Center
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to access information
about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30895: Denis Tokarev
Game Center
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to read user's gameplay
data
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30896: Denis Tokarev
iCloud
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab, Jack Dates of
RET2 Systems, Inc.
IOGraphics
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video
Communications
IOMobileFrameBuffer
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30883: an anonymous researcher
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30886: @0xalsr
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30916: Zweig of Kunlun Lab
LaunchServices
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30864: Ron Hass (@ronhass7) of Perception Point
Login Window
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A person with access to a host Mac may be able to bypass the
Login Window in Remote Desktop for a locked instance of macOS
Description: This issue was addressed with improved checks.
CVE-2021-30813: Benjamin Berger of BBetterTech LLC, Peter Goedtkindt
of Informatique-MTF S.A., an anonymous researcher
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to read sensitive information
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30920: Csaba Fitzl (@theevilbit) of Offensive Security
SMB
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs
SoftwareUpdate
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may gain access to a user's Keychain
items
Description: The issue was addressed with improved permissions logic.
CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
SoftwareUpdate
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An unprivileged application may be able to edit NVRAM
variables
Description: The issue was addressed with improved permissions logic.
CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
UIKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An attacker in a privileged network position may be able to
bypass HSTS
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30823: David Gullasch of Recurity Labs
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
unexpectedly unenforced Content Security Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt.
Ltd.
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30861: Wojciech Reguła (@_r3ggi), Ryan Pickren
(ryanpickren.com)
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30890: an anonymous researcher
WindowServer
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to view the previous logged in
user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2021-30908: ASentientBot
xar
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Unpacking a maliciously crafted archive may allow an attacker
to write arbitrary files
Description: This issue was addressed with improved checks.
CVE-2021-30833: Richard Warren of NCC Group
zsh
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An inherited permissions issue was addressed with
additional restrictions.
CVE-2021-30892: Jonathan Bar Or of Microsoft
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
App Support
We would like to acknowledge an anonymous researcher, 漂亮鼠 of 赛博回忆录
for their assistance.
Bluetooth
We would like to acknowledge say2 of ENKI for their assistance.
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Mail
We would like to acknowledge Fabian Ising and Damian Poddebniak of
Münster University of Applied Sciences for their assistance.
Managed Configuration
We would like to acknowledge Michal Moravec of Logicworks, s.r.o. for
their assistance.
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero,
Pavel Gromadchuk, an anonymous researcher for their assistance.
Installation note:
This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
Apple is aware of a report that this issue may
have been actively exploited.
VAR-202108-2172 | CVE-2021-30858 | Apple macOS Big Sur Resource Management Error Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
For the oldstable distribution (buster), this problem has been fixed
in version 2.32.4-1~deb10u1.
For the stable distribution (bullseye), this problem has been fixed in
version 2.32.4-1~deb11u1.
We recommend that you upgrade your webkit2gtk packages.
Information about the security content is also available at
https://support.apple.com/HT212804.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
Entry added September 20, 2021
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 20, 2021
Gatekeeper
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
CVE-2021-30847: Mike Zhang of Pangu Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30830: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30865: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30859: Apple
Entry added September 20, 2021
libexpat
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Entry added September 20, 2021
Preferences
Available for: macOS Big Sur
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Entry added September 20, 2021
Sandbox
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A remote attacker may be able to leak memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30858: an anonymous researcher
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
App Support
We would like to acknowledge @CodeColorist, an anonymous researcher
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Entry added September 20, 2021
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added September 20, 2021
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Entry added September 20, 2021
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added September 20, 2021
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
8.1) - aarch64, ppc64le, s390x, x86_64
3.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkitgtk4 security update
Advisory ID: RHSA-2022:0059-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0059
Issue date: 2022-01-11
CVE Names: CVE-2021-30858
====================================================================
1. Summary:
An update for webkitgtk4 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, s390x
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
3. Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
Security Fix(es):
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-30858)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
webkitgtk4-2.28.2-3.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-3.el7.i686.rpm
webkitgtk4-2.28.2-3.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-3.el7.noarch.rpm
x86_64:
webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
webkitgtk4-2.28.2-3.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-3.el7.i686.rpm
webkitgtk4-2.28.2-3.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-3.el7.noarch.rpm
x86_64:
webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
webkitgtk4-2.28.2-3.el7.src.rpm
ppc64:
webkitgtk4-2.28.2-3.el7.ppc.rpm
webkitgtk4-2.28.2-3.el7.ppc64.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.ppc64.rpm
webkitgtk4-jsc-2.28.2-3.el7.ppc.rpm
webkitgtk4-jsc-2.28.2-3.el7.ppc64.rpm
ppc64le:
webkitgtk4-2.28.2-3.el7.ppc64le.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.ppc64le.rpm
webkitgtk4-devel-2.28.2-3.el7.ppc64le.rpm
webkitgtk4-jsc-2.28.2-3.el7.ppc64le.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.ppc64le.rpm
s390x:
webkitgtk4-2.28.2-3.el7.s390.rpm
webkitgtk4-2.28.2-3.el7.s390x.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.s390x.rpm
webkitgtk4-jsc-2.28.2-3.el7.s390.rpm
webkitgtk4-jsc-2.28.2-3.el7.s390x.rpm
x86_64:
webkitgtk4-2.28.2-3.el7.i686.rpm
webkitgtk4-2.28.2-3.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-3.el7.noarch.rpm
ppc64:
webkitgtk4-debuginfo-2.28.2-3.el7.ppc.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.ppc64.rpm
webkitgtk4-devel-2.28.2-3.el7.ppc.rpm
webkitgtk4-devel-2.28.2-3.el7.ppc64.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.ppc.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.ppc64.rpm
s390x:
webkitgtk4-debuginfo-2.28.2-3.el7.s390.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.s390x.rpm
webkitgtk4-devel-2.28.2-3.el7.s390.rpm
webkitgtk4-devel-2.28.2-3.el7.s390x.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.s390.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
webkitgtk4-2.28.2-3.el7.src.rpm
x86_64:
webkitgtk4-2.28.2-3.el7.i686.rpm
webkitgtk4-2.28.2-3.el7.x86_64.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.i686.rpm
webkitgtk4-debuginfo-2.28.2-3.el7.x86_64.rpm
webkitgtk4-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-devel-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-2.28.2-3.el7.x86_64.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.i686.rpm
webkitgtk4-jsc-devel-2.28.2-3.el7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch:
webkitgtk4-doc-2.28.2-3.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-30858
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebkitGTK+: Multiple vulnerabilities
Date: February 01, 2022
Bugs: #779175, #801400, #813489, #819522, #820434, #829723,
#831739
ID: 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/webkit-gtk        < 2.34.4                     >= 2.34.4
Description
==========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Impact
=====
An attacker, by enticing a user to visit maliciously crafted web
content, may be able to execute arbitrary code, violate iframe
sandboxing policy, access restricted ports on arbitrary servers, cause
memory corruption, or could cause a Denial of Service condition.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
=========
[ 1 ] CVE-2021-30848
https://nvd.nist.gov/vuln/detail/CVE-2021-30848
[ 2 ] CVE-2021-30888
https://nvd.nist.gov/vuln/detail/CVE-2021-30888
[ 3 ] CVE-2021-30682
https://nvd.nist.gov/vuln/detail/CVE-2021-30682
[ 4 ] CVE-2021-30889
https://nvd.nist.gov/vuln/detail/CVE-2021-30889
[ 5 ] CVE-2021-30666
https://nvd.nist.gov/vuln/detail/CVE-2021-30666
[ 6 ] CVE-2021-30665
https://nvd.nist.gov/vuln/detail/CVE-2021-30665
[ 7 ] CVE-2021-30890
https://nvd.nist.gov/vuln/detail/CVE-2021-30890
[ 8 ] CVE-2021-30661
https://nvd.nist.gov/vuln/detail/CVE-2021-30661
[ 9 ] WSA-2021-0005
https://webkitgtk.org/security/WSA-2021-0005.html
[ 10 ] CVE-2021-30761
https://nvd.nist.gov/vuln/detail/CVE-2021-30761
[ 11 ] CVE-2021-30897
https://nvd.nist.gov/vuln/detail/CVE-2021-30897
[ 12 ] CVE-2021-30823
https://nvd.nist.gov/vuln/detail/CVE-2021-30823
[ 13 ] CVE-2021-30734
https://nvd.nist.gov/vuln/detail/CVE-2021-30734
[ 14 ] CVE-2021-30934
https://nvd.nist.gov/vuln/detail/CVE-2021-30934
[ 15 ] CVE-2021-1871
https://nvd.nist.gov/vuln/detail/CVE-2021-1871
[ 16 ] CVE-2021-30762
https://nvd.nist.gov/vuln/detail/CVE-2021-30762
[ 17 ] WSA-2021-0006
https://webkitgtk.org/security/WSA-2021-0006.html
[ 18 ] CVE-2021-30797
https://nvd.nist.gov/vuln/detail/CVE-2021-30797
[ 19 ] CVE-2021-30936
https://nvd.nist.gov/vuln/detail/CVE-2021-30936
[ 20 ] CVE-2021-30663
https://nvd.nist.gov/vuln/detail/CVE-2021-30663
[ 21 ] CVE-2021-1825
https://nvd.nist.gov/vuln/detail/CVE-2021-1825
[ 22 ] CVE-2021-30951
https://nvd.nist.gov/vuln/detail/CVE-2021-30951
[ 23 ] CVE-2021-30952
https://nvd.nist.gov/vuln/detail/CVE-2021-30952
[ 24 ] CVE-2021-1788
https://nvd.nist.gov/vuln/detail/CVE-2021-1788
[ 25 ] CVE-2021-1820
https://nvd.nist.gov/vuln/detail/CVE-2021-1820
[ 26 ] CVE-2021-30953
https://nvd.nist.gov/vuln/detail/CVE-2021-30953
[ 27 ] CVE-2021-30749
https://nvd.nist.gov/vuln/detail/CVE-2021-30749
[ 28 ] CVE-2021-30849
https://nvd.nist.gov/vuln/detail/CVE-2021-30849
[ 29 ] CVE-2021-1826
https://nvd.nist.gov/vuln/detail/CVE-2021-1826
[ 30 ] CVE-2021-30836
https://nvd.nist.gov/vuln/detail/CVE-2021-30836
[ 31 ] CVE-2021-30954
https://nvd.nist.gov/vuln/detail/CVE-2021-30954
[ 32 ] CVE-2021-30984
https://nvd.nist.gov/vuln/detail/CVE-2021-30984
[ 33 ] CVE-2021-30851
https://nvd.nist.gov/vuln/detail/CVE-2021-30851
[ 34 ] CVE-2021-30758
https://nvd.nist.gov/vuln/detail/CVE-2021-30758
[ 35 ] CVE-2021-42762
https://nvd.nist.gov/vuln/detail/CVE-2021-42762
[ 36 ] CVE-2021-1844
https://nvd.nist.gov/vuln/detail/CVE-2021-1844
[ 37 ] CVE-2021-30689
https://nvd.nist.gov/vuln/detail/CVE-2021-30689
[ 38 ] CVE-2021-45482
https://nvd.nist.gov/vuln/detail/CVE-2021-45482
[ 39 ] CVE-2021-30858
https://nvd.nist.gov/vuln/detail/CVE-2021-30858
[ 40 ] CVE-2021-21779
https://nvd.nist.gov/vuln/detail/CVE-2021-21779
[ 41 ] WSA-2021-0004
https://webkitgtk.org/security/WSA-2021-0004.html
[ 42 ] CVE-2021-30846
https://nvd.nist.gov/vuln/detail/CVE-2021-30846
[ 43 ] CVE-2021-30744
https://nvd.nist.gov/vuln/detail/CVE-2021-30744
[ 44 ] CVE-2021-30809
https://nvd.nist.gov/vuln/detail/CVE-2021-30809
[ 45 ] CVE-2021-30884
https://nvd.nist.gov/vuln/detail/CVE-2021-30884
[ 46 ] CVE-2021-30720
https://nvd.nist.gov/vuln/detail/CVE-2021-30720
[ 47 ] CVE-2021-30799
https://nvd.nist.gov/vuln/detail/CVE-2021-30799
[ 48 ] CVE-2021-30795
https://nvd.nist.gov/vuln/detail/CVE-2021-30795
[ 49 ] CVE-2021-1817
https://nvd.nist.gov/vuln/detail/CVE-2021-1817
[ 50 ] CVE-2021-21775
https://nvd.nist.gov/vuln/detail/CVE-2021-21775
[ 51 ] CVE-2021-30887
https://nvd.nist.gov/vuln/detail/CVE-2021-30887
[ 52 ] CVE-2021-21806
https://nvd.nist.gov/vuln/detail/CVE-2021-21806
[ 53 ] CVE-2021-30818
https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
VAR-202108-2050 | CVE-2021-30901 | Out-of-bounds write vulnerability in Apple Mac OS X and macOS |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. An out-of-bounds write vulnerability exists in Apple Mac OS X and macOS. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. Apple is aware of a report that this issue may have been actively exploited.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-3 macOS Monterey 12.0.1
macOS Monterey 12.0.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212869.
AppKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30873: Thijs Alkemade of Computest
AppleScript
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected application termination or disclosure of process
memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30876: Jeremy Brown, hjy79425575
CVE-2021-30879: Jeremy Brown, hjy79425575
CVE-2021-30877: Jeremy Brown
CVE-2021-30880: Jeremy Brown
Audio
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab
Bluetooth
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved state
handling.
CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America
ColorSync
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles. This issue was addressed with improved input
validation.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero
Continuity Camera
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30903: an anonymous researcher
CoreAudio
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro
CoreGraphics
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919
FileProvider
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360
Game Center
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to access information
about a user's contacts
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30895: Denis Tokarev
Game Center
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to read user's gameplay
data
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30896: Denis Tokarev
iCloud
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto
Intel Graphics Driver
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab, Jack Dates of
RET2 Systems, Inc.
IOGraphics
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video
Communications
IOMobileFrameBuffer
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30883: an anonymous researcher
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30886: @0xalsr
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab
Kernel
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30916: Zweig of Kunlun Lab
LaunchServices
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30864: Ron Hass (@ronhass7) of Perception Point
Login Window
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A person with access to a host Mac may be able to bypass the
Login Window in Remote Desktop for a locked instance of macOS
Description: This issue was addressed with improved checks.
CVE-2021-30813: Benjamin Berger of BBetterTech LLC, Peter Goedtkindt
of Informatique-MTF S.A., an anonymous researcher
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
Sandbox
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to read sensitive information
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30920: Csaba Fitzl (@theevilbit) of Offensive Security
SMB
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs
SoftwareUpdate
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may gain access to a user's Keychain
items
Description: The issue was addressed with improved permissions logic.
CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
SoftwareUpdate
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An unprivileged application may be able to edit NVRAM
variables
Description: The issue was addressed with improved permissions logic.
CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent
Security Xuanwu Lab
UIKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: An attacker in a privileged network position may be able to
bypass HSTS
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30823: David Gullasch of Recurity Labs
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
unexpectedly unenforced Content Security Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt.
Ltd.
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30861: Wojciech Reguła (@_r3ggi), Ryan Pickren
(ryanpickren.com)
WebKit
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30890: an anonymous researcher
Windows Server
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A local attacker may be able to view the previous logged in
user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved
state management.
CVE-2021-30908: ASentientBot
xar
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: Unpacking a maliciously crafted archive may allow an attacker
to write arbitrary files
Description: This issue was addressed with improved checks.
CVE-2021-30833: Richard Warren of NCC Group
zsh
Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and
later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and
later), iMac (Late 2015 and later), MacBook (Early 2016 and later),
iMac Pro (2017 and later)
Impact: A malicious application may be able to modify protected parts
of the file system
Description: An inherited permissions issue was addressed with
additional restrictions.
CVE-2021-30892: Jonathan Bar Or of Microsoft
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
App Support
We would like to acknowledge an anonymous researcher, 漂亮鼠 of 赛博回忆录
for their assistance.
Bluetooth
We would like to acknowledge say2 of ENKI for their assistance.
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Mail
We would like to acknowledge Fabian Ising and Damian Poddebniak of
Münster University of Applied Sciences for their assistance.
Managed Configuration
We would like to acknowledge Michal Moravec of Logicworks, s.r.o. for
their assistance.
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero,
Pavel Gromadchuk, an anonymous researcher for their assistance.
Installation note:
This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----