VARIoT IoT vulnerabilities database
| VAR-202110-0914 | CVE-2021-30828 | macOS Vulnerability in |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root. macOS Exists in unspecified vulnerabilities.Information may be obtained.
Information about the security content is also available at
https://support.apple.com/HT212804.
CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
Entry added September 20, 2021
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 20, 2021
Gatekeeper
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
Entry added September 20, 2021
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30847: Mike Zhang of Pangu Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30830: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30865: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30859: Apple
Entry added September 20, 2021
libexpat
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Entry added September 20, 2021
Preferences
Available for: macOS Big Sur
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Entry added September 20, 2021
Sandbox
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A remote attacker may be able to leak memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30858: an anonymous researcher
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
App Support
We would like to acknowledge @CodeColorist, an anonymous researcher
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Entry added September 20, 2021
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added September 20, 2021
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Entry added September 20, 2021
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added September 20, 2021
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p
rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY
eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B
+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4
5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv
4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD
t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn
bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu
R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC
NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9
4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3
85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=
=9bjT
-----END PGP SIGNATURE-----
| VAR-202110-0915 | CVE-2021-30827 | macOS Improper Permission Preservation Vulnerability in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges. macOS contains an improper permissions retention vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Information about the security content is also available at
https://support.apple.com/HT212804.
CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
Entry added September 20, 2021
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 20, 2021
Gatekeeper
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
Entry added September 20, 2021
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30847: Mike Zhang of Pangu Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30830: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30865: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30859: Apple
Entry added September 20, 2021
libexpat
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Entry added September 20, 2021
Preferences
Available for: macOS Big Sur
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Entry added September 20, 2021
Sandbox
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A remote attacker may be able to leak memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30858: an anonymous researcher
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
App Support
We would like to acknowledge @CodeColorist, an anonymous researcher
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Entry added September 20, 2021
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added September 20, 2021
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Entry added September 20, 2021
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added September 20, 2021
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p
rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY
eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B
+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4
5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv
4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD
t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn
bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu
R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC
NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9
4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3
85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=
=9bjT
-----END PGP SIGNATURE-----
| VAR-202110-0909 | CVE-2021-30845 | macOS Out-of-bounds read vulnerability in |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6. A local user may be able to read kernel memory.
Information about the security content is also available at
https://support.apple.com/HT212804.
CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
Entry added September 20, 2021
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 20, 2021
Gatekeeper
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
Entry added September 20, 2021
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30847: Mike Zhang of Pangu Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30830: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30865: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30859: Apple
Entry added September 20, 2021
libexpat
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Entry added September 20, 2021
Preferences
Available for: macOS Big Sur
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Entry added September 20, 2021
Sandbox
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A remote attacker may be able to leak memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30858: an anonymous researcher
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
App Support
We would like to acknowledge @CodeColorist, an anonymous researcher
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Entry added September 20, 2021
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added September 20, 2021
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Entry added September 20, 2021
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added September 20, 2021
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p
rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY
eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B
+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4
5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv
4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD
t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn
bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu
R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC
NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9
4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3
85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=
=9bjT
-----END PGP SIGNATURE-----
| VAR-202110-0913 | CVE-2021-30829 | macOS Vulnerability in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files. macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Information about the security content is also available at
https://support.apple.com/HT212804.
CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
Entry added September 20, 2021
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 20, 2021
Gatekeeper
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
Entry added September 20, 2021
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30847: Mike Zhang of Pangu Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30830: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30865: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30859: Apple
Entry added September 20, 2021
libexpat
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Entry added September 20, 2021
Preferences
Available for: macOS Big Sur
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Entry added September 20, 2021
Sandbox
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A remote attacker may be able to leak memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30858: an anonymous researcher
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
App Support
We would like to acknowledge @CodeColorist, an anonymous researcher
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Entry added September 20, 2021
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added September 20, 2021
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Entry added September 20, 2021
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added September 20, 2021
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p
rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY
eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B
+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4
5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv
4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD
t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn
bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu
R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC
NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9
4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3
85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=
=9bjT
-----END PGP SIGNATURE-----
| VAR-202110-0912 | CVE-2021-30830 | macOS Out-of-bounds write vulnerability in |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges. macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
Information about the security content is also available at
https://support.apple.com/HT212804.
CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
Entry added September 20, 2021
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 20, 2021
Gatekeeper
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
Entry added September 20, 2021
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30847: Mike Zhang of Pangu Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30859: Apple
Entry added September 20, 2021
libexpat
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Entry added September 20, 2021
Preferences
Available for: macOS Big Sur
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Entry added September 20, 2021
Sandbox
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A remote attacker may be able to leak memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30858: an anonymous researcher
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
App Support
We would like to acknowledge @CodeColorist, an anonymous researcher
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Entry added September 20, 2021
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added September 20, 2021
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Entry added September 20, 2021
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added September 20, 2021
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p
rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY
eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B
+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4
5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv
4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD
t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn
bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu
R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC
NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9
4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3
85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=
=9bjT
-----END PGP SIGNATURE-----
| VAR-202110-0911 | CVE-2021-30832 | macOS Out-of-bounds write vulnerability in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A memory corruption issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges. macOS Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the CVMServer daemon. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
Information about the security content is also available at
https://support.apple.com/HT212804.
CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
Entry added September 20, 2021
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 20, 2021
Gatekeeper
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
Entry added September 20, 2021
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30847: Mike Zhang of Pangu Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30830: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30865: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30859: Apple
Entry added September 20, 2021
libexpat
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Entry added September 20, 2021
Preferences
Available for: macOS Big Sur
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Entry added September 20, 2021
Sandbox
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A remote attacker may be able to leak memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30858: an anonymous researcher
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
App Support
We would like to acknowledge @CodeColorist, an anonymous researcher
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Entry added September 20, 2021
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added September 20, 2021
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Entry added September 20, 2021
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added September 20, 2021
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p
rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY
eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B
+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4
5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv
4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD
t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn
bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu
R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC
NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9
4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3
85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=
=9bjT
-----END PGP SIGNATURE-----
| VAR-202110-0910 | CVE-2021-30844 | macOS Vulnerability regarding lack of memory release after expiration in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory. macOS Contains a vulnerability regarding the lack of free memory after expiration.Information may be obtained.
Information about the security content is also available at
https://support.apple.com/HT212804.
CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
Entry added September 20, 2021
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 20, 2021
Gatekeeper
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
Entry added September 20, 2021
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30847: Mike Zhang of Pangu Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30830: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30865: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30859: Apple
Entry added September 20, 2021
libexpat
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Entry added September 20, 2021
Preferences
Available for: macOS Big Sur
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Entry added September 20, 2021
Sandbox
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A remote attacker may be able to leak memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30858: an anonymous researcher
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
App Support
We would like to acknowledge @CodeColorist, an anonymous researcher
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Entry added September 20, 2021
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added September 20, 2021
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Entry added September 20, 2021
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added September 20, 2021
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p
rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY
eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B
+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4
5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv
4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD
t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn
bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu
R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC
NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9
4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3
85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=
=9bjT
-----END PGP SIGNATURE-----
| VAR-202110-1514 | CVE-2021-30841 | plural Apple Product vulnerabilities |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15 and iPadOS 15.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-9 Additional information for
APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
iOS 15 and iPadOS 15 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212814.
Accessory Manager
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2021-30837: Siddharth Aeri (@b1n4r1b01)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to read sensitive information
Description: This issue was addressed with improved checks.
CVE-2021-30811: an anonymous researcher working with Compartir
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later,
iPad Pro (3rd generation) and later, iPad Air (3rd generation) and
later, and iPad mini (5th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges on devices with an Apple Neural Engine
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30838: proteas wang
bootp
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium)
Entry added October 25, 2021
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a malicious audio file may result in unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab
Entry added October 25, 2021
CoreML
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30825: hjy79425575 working with Trend Micro Zero Day
Initiative
Face ID
Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS
(all models), iPhone 11 (all models), iPhone 12 (all models), iPad
Pro (11-inch), and iPad Pro (3rd generation)
Impact: A 3D model constructed to look like the enrolled user may be
able to authenticate via Face ID
Description: This issue was addressed by improving Face ID anti-
spoofing models.
CVE-2021-30863: Wish Wu (吴潍浠 @wish_wu) of Ant-financial Light-Year
Security Lab
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: The issue was addressed with improved permissions logic.
CVE-2021-30816: Atharv (@atharv0x0)
Entry added October 25, 2021
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application with microphone permission may unexpectedly
access microphone input during a FaceTime call
Description: A logic issue was addressed with improved validation.
CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
Entry added October 25, 2021
iCloud Photo Library
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to access photo metadata
without needing permission to access photos
Description: The issue was addressed with improved authentication.
CVE-2021-30867: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30814: hjy79425575
Entry added October 25, 2021
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30835: Ye Zhang of Baidu Security
CVE-2021-30847: Mike Zhang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
libexpat
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30819: Apple
NetworkExtension
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A VPN configuration may be installed by an app without user
permission
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30874: Javier Vieira Boccardo (linkedin.com/javier-vieira-
boccardo)
Entry added October 25, 2021
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Quick Look
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Previewing an html file attached to a note may unexpectedly
contact remote servers
Description: A logic issue existed in the handling of document loads.
CVE-2021-30870: Saif Hamed Al Hinai Oman CERT
Entry added October 25, 2021
Sandbox
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved checks.
CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021
Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to view contacts from the lock
screen
Description: A lock screen issue allowed access to contacts on a
locked device.
CVE-2021-30815: an anonymous researcher
Telephony
Available for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad
Air 2, iPad (5th generation), and iPad mini 4
Impact: In certain situations, the baseband would fail to enable
integrity and ciphering protection
Description: A logic issue was addressed with improved state
management.
CVE-2021-30826: CheolJun Park, Sangwook Bae and BeomSeok Oh of KAIST
SysSec Lab
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: The issue was resolved with additional restrictions on
CSS compositing.
CVE-2021-30884: an anonymous researcher
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30809: an anonymous researcher
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30846: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30848: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30849: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2021-30851: Samuel Groß of Google Project Zero
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in physical proximity may be able to force a user
onto a malicious Wi-Fi network during device setup
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30810: an anonymous researcher
Additional recognition
Assets
We would like to acknowledge Cees Elzinga for their assistance.
Bluetooth
We would like to acknowledge an anonymous researcher for their
assistance.
File System
We would like to acknowledge Siddharth Aeri (@b1n4r1b01) for their
assistance.
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
UIKit
We would like to acknowledge an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "15"
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hy0ACgkQeC9qKD1p
rhiHNRAAwUaVHgd+whk6qGBZ3PYqSbvvuuo00rLW6JIqv9dwpEh9BBD//bSsUppb
41J5VaNoKDsonTLhXt0Mhn66wmhbGjLneMIoNb7ffl7O2xDQaWAr+HmoUm6wOo48
Kqj/wJGNJJov4ucBA6InpUz1ZevEhaPU4QMNedVck4YSl1GhtSTJsBAzVkMakQhX
uJ1fVdOJ5konmmQJLYxDUo60xqS0sZPchkwCM1zwR/SAZ70pt6P0MGI1Yddjcn1U
loAcKYVgkKAc9RWkXRskR1RxFBGivTI/gy5pDkLxfGfwFecf6PSR7MDki4xDeoVH
5FWXBwga8Uc/afGRqnFwTpdsisRZP8rQFwMam1T/DwgrWD8R2CCn/wOcvbtlWMIv
LczYCJFMELaXOjFF5duXaUJme97567OypYvhjBDtiIPg5MCGhZZCmpbRjkcUBZNJ
YQOELzq6CHWc96mjPOt34B0X2VXGhvgpQ0/evvcQe3bHv0F7N/acAlgsGe+e4Jn8
k0gWZocq+fPnl6YYgZKIGgcZWUl5bdqduApesEtpRU2ug2TE+xMOhMZXb1WLawJl
n/OtVHhIjft23r0MGgyWTIHMPe5DRvEPWGI3DS+55JX6XOxSGp9o6xgOAraZR4U6
HO/WbQOwj7SSKbyPxmDTp4OMyFPukbe92WIMh5EpFcILp6GTJqQ=
=lg51
-----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have
been actively exploited.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking. Apple is aware of a report that this issue
may have been actively exploited. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance
| VAR-202109-1877 | CVE-2021-39537 | ncurses Out-of-bounds write vulnerability in |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. ncurses Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================
Ubuntu Security Notice USN-6099-1
May 23, 2023
ncurses vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in ncurses.
Software Description:
- ncurses: shared libraries for terminal handling
Details:
It was discovered that ncurses was incorrectly performing bounds
checks when processing invalid hashcodes. An attacker could possibly
use this issue to cause a denial of service or to expose sensitive
information. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-17594)
It was discovered that ncurses was incorrectly handling
end-of-string characters when processing terminfo and termcap files.
An attacker could possibly use this issue to cause a denial of
service or to expose sensitive information. This issue only affected
Ubuntu 18.04 LTS. (CVE-2019-17595)
It was discovered that ncurses was incorrectly handling
end-of-string characters when converting between termcap and
terminfo formats. An attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537)
It was discovered that ncurses was incorrectly performing bounds
checks when dealing with corrupt terminfo data while reading a
terminfo file. An attacker could possibly use this issue to cause a
denial of service or to expose sensitive information. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2022-29458)
It was discovered that ncurses was parsing environment variables when
running with setuid applications and not properly handling the
processing of malformed data when doing so. A local attacker could
possibly use this issue to cause a denial of service (application
crash) or execute arbitrary code. (CVE-2023-29491)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
lib32ncurses6 6.4-2ubuntu0.1
lib32ncursesw6 6.4-2ubuntu0.1
lib32tinfo6 6.4-2ubuntu0.1
lib64ncurses6 6.4-2ubuntu0.1
lib64ncursesw6 6.4-2ubuntu0.1
lib64tinfo6 6.4-2ubuntu0.1
libncurses5 6.4-2ubuntu0.1
libncurses6 6.4-2ubuntu0.1
libncursesw5 6.4-2ubuntu0.1
libncursesw6 6.4-2ubuntu0.1
libtinfo5 6.4-2ubuntu0.1
libtinfo6 6.4-2ubuntu0.1
ncurses-bin 6.4-2ubuntu0.1
Ubuntu 22.10:
lib32ncurses6 6.3+20220423-2ubuntu0.1
lib32ncursesw6 6.3+20220423-2ubuntu0.1
lib32tinfo6 6.3+20220423-2ubuntu0.1
lib64ncurses6 6.3+20220423-2ubuntu0.1
lib64ncursesw6 6.3+20220423-2ubuntu0.1
lib64tinfo6 6.3+20220423-2ubuntu0.1
libncurses5 6.3+20220423-2ubuntu0.1
libncurses6 6.3+20220423-2ubuntu0.1
libncursesw5 6.3+20220423-2ubuntu0.1
libncursesw6 6.3+20220423-2ubuntu0.1
libtinfo5 6.3+20220423-2ubuntu0.1
libtinfo6 6.3+20220423-2ubuntu0.1
ncurses-bin 6.3+20220423-2ubuntu0.1
Ubuntu 22.04 LTS:
lib32ncurses6 6.3-2ubuntu0.1
lib32ncursesw6 6.3-2ubuntu0.1
lib32tinfo6 6.3-2ubuntu0.1
lib64ncurses6 6.3-2ubuntu0.1
lib64ncursesw6 6.3-2ubuntu0.1
lib64tinfo6 6.3-2ubuntu0.1
libncurses5 6.3-2ubuntu0.1
libncurses6 6.3-2ubuntu0.1
libncursesw5 6.3-2ubuntu0.1
libncursesw6 6.3-2ubuntu0.1
libtinfo5 6.3-2ubuntu0.1
libtinfo6 6.3-2ubuntu0.1
ncurses-bin 6.3-2ubuntu0.1
Ubuntu 20.04 LTS:
lib32ncurses6 6.2-0ubuntu2.1
lib32ncursesw6 6.2-0ubuntu2.1
lib32tinfo6 6.2-0ubuntu2.1
lib64ncurses6 6.2-0ubuntu2.1
lib64ncursesw6 6.2-0ubuntu2.1
lib64tinfo6 6.2-0ubuntu2.1
libncurses5 6.2-0ubuntu2.1
libncurses6 6.2-0ubuntu2.1
libncursesw5 6.2-0ubuntu2.1
libncursesw6 6.2-0ubuntu2.1
libtinfo5 6.2-0ubuntu2.1
libtinfo6 6.2-0ubuntu2.1
ncurses-bin 6.2-0ubuntu2.1
Ubuntu 18.04 LTS:
lib32ncurses5 6.1-1ubuntu1.18.04.1
lib32ncursesw5 6.1-1ubuntu1.18.04.1
lib32tinfo5 6.1-1ubuntu1.18.04.1
lib64ncurses5 6.1-1ubuntu1.18.04.1
lib64tinfo5 6.1-1ubuntu1.18.04.1
libncurses5 6.1-1ubuntu1.18.04.1
libncursesw5 6.1-1ubuntu1.18.04.1
libtinfo5 6.1-1ubuntu1.18.04.1
libx32ncurses5 6.1-1ubuntu1.18.04.1
libx32ncursesw5 6.1-1ubuntu1.18.04.1
libx32tinfo5 6.1-1ubuntu1.18.04.1
ncurses-bin 6.1-1ubuntu1.18.04.1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
lib32ncurses5 6.0+20160213-1ubuntu1+esm3
lib32ncursesw5 6.0+20160213-1ubuntu1+esm3
lib32tinfo5 6.0+20160213-1ubuntu1+esm3
lib64ncurses5 6.0+20160213-1ubuntu1+esm3
lib64tinfo5 6.0+20160213-1ubuntu1+esm3
libncurses5 6.0+20160213-1ubuntu1+esm3
libncursesw5 6.0+20160213-1ubuntu1+esm3
libtinfo5 6.0+20160213-1ubuntu1+esm3
libx32ncurses5 6.0+20160213-1ubuntu1+esm3
libx32ncursesw5 6.0+20160213-1ubuntu1+esm3
libx32tinfo5 6.0+20160213-1ubuntu1+esm3
ncurses-bin 6.0+20160213-1ubuntu1+esm3
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
lib32ncurses5 5.9+20140118-1ubuntu1+esm3
lib32ncursesw5 5.9+20140118-1ubuntu1+esm3
lib32tinfo5 5.9+20140118-1ubuntu1+esm3
lib64ncurses5 5.9+20140118-1ubuntu1+esm3
lib64tinfo5 5.9+20140118-1ubuntu1+esm3
libncurses5 5.9+20140118-1ubuntu1+esm3
libncursesw5 5.9+20140118-1ubuntu1+esm3
libtinfo5 5.9+20140118-1ubuntu1+esm3
libx32ncurses5 5.9+20140118-1ubuntu1+esm3
libx32ncursesw5 5.9+20140118-1ubuntu1+esm3
libx32tinfo5 5.9+20140118-1ubuntu1+esm3
ncurses-bin 5.9+20140118-1ubuntu1+esm3
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13
macOS Ventura 13 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213488.
Accelerate Framework
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2022-42795: ryuzaki
Apple Neural Engine
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2022-32858: Mohamed Ghannam (@_simo36)
Apple Neural Engine
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32898: Mohamed Ghannam (@_simo36)
CVE-2022-32899: Mohamed Ghannam (@_simo36)
AppleAVD
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to cause a denial-of-service
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32827: Antonio Zekic (@antoniozekic), Natalie Silvanovich of
Google Project Zero, an anonymous researcher
AppleMobileFileIntegrity
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to access user-sensitive data
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc.
AppleMobileFileIntegrity
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed by removing additional
entitlements.
CVE-2022-42825: Mickey Jin (@patch1t)
ATS
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state
management.
CVE-2022-32902: Mickey Jin (@patch1t)
ATS
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2022-32904: Mickey Jin (@patch1t)
ATS
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved checks.
CVE-2022-32890: Mickey Jin (@patch1t)
Audio
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-42796: an anonymous researcher
Audio
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: The issue was addressed with improved memory handling.
CVE-2022-42798: Anonymous working with Trend Micro Zero Day
Initiative
Entry added October 27, 2022
AVEVideoEncoder
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32940: ABC Research s.r.o.
Calendar
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to read sensitive location information
Description: An access issue was addressed with improved access
restrictions.
CVE-2022-42819: an anonymous researcher
CFNetwork
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A certificate validation issue existed in the handling
of WKWebView. This issue was addressed with improved validation.
CVE-2022-42813: Jonathan Zhang of Open Computing Facility
(ocf.berkeley.edu)
ColorSync
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles. This issue was addressed with improved input
validation.
CVE-2022-26730: David Hoyt of Hoyt LLC
Crash Reporter
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A user with physical access to an iOS device may be able to
read past diagnostic logs
Description: This issue was addressed with improved data protection.
CVE-2022-32867: Kshitij Kumar and Jai Musunuri of Crowdstrike
curl
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Multiple issues in curl
Description: Multiple issues were addressed by updating to curl
version 7.84.0.
CVE-2022-32205
CVE-2022-32206
CVE-2022-32207
CVE-2022-32208
Directory Utility
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to access user-sensitive data
Description: A logic issue was addressed with improved checks.
CVE-2022-42814: Sergii Kryvoblotskyi of MacPaw Inc.
DriverKit
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32865: Linus Henze of Pinauten GmbH (pinauten.de)
DriverKit
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved
checks.
CVE-2022-32915: Tommy Muir (@Muirey03)
Exchange
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A user in a privileged network position may be able to
intercept mail credentials
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32928: an anonymous researcher
FaceTime
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A user may be able to view restricted content from the lock
screen
Description: A lock screen issue was addressed with improved state
management.
CVE-2022-32935: Bistrit Dahal
Entry added October 27, 2022
Find My
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A malicious application may be able to read sensitive
location information
Description: A permissions issue existed. This issue was addressed
with improved permission validation.
CVE-2022-42788: Csaba Fitzl (@theevilbit) of Offensive Security,
Wojciech Reguła of SecuRing (wojciechregula.blog)
Finder
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing a maliciously crafted DMG file may lead to
arbitrary code execution with system privileges
Description: This issue was addressed with improved validation of
symlinks.
CVE-2022-32905: Ron Masas (breakpoint.sh) of BreakPoint Technologies
LTD
GPU Drivers
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32947: Asahi Lina (@LinaAsahi)
Grapher
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing a maliciously crafted gcx file may lead to
unexpected app termination or arbitrary code execution
Description: The issue was addressed with improved memory handling.
CVE-2022-42809: Yutao Wang (@Jack) and Yu Zhou (@yuzhou6666)
Heimdal
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A user may be able to cause unexpected app termination or
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-3437: Evgeny Legerov of Intevydis
Entry added October 25, 2022
Image Processing
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A sandboxed app may be able to determine which app is
currently using the camera
Description: The issue was addressed with additional restrictions on
the observability of app states.
CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit)
ImageIO
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing an image may lead to a denial-of-service
Description: A denial-of-service issue was addressed with improved
validation.
CVE-2022-1622
Intel Graphics Driver
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2022-32936: Antonio Zekic (@antoniozekic)
IOHIDFamily
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-42820: Peter Pan ZhenPeng of STAR Labs
IOKit
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42806: Tingting Yin of Tsinghua University
Kernel
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)
Kernel
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de)
CVE-2022-32911: Zweig of Kunlun Lab
CVE-2022-32924: Ian Beer of Google Project Zero
Kernel
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-32914: Zweig of Kunlun Lab
Kernel
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A remote user may be able to cause kernel code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-42808: Zweig of Kunlun Lab
Kernel
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32944: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42803: Xinru Chi of Pangu Lab, John Aakerblom (@jaakerblom)
Entry added October 27, 2022
Kernel
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-32926: Tim Michaud (@TimGMichaud) of Moveworks.ai
Entry added October 27, 2022
Kernel
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42801: Ian Beer of Google Project Zero
Entry added October 27, 2022
Mail
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with improved data protection.
CVE-2022-42815: Csaba Fitzl (@theevilbit) of Offensive Security
Maps
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32883: Ron Masas of breakpointhq.com
MediaLibrary
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A user may be able to elevate privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2022-32908: an anonymous researcher
Model I/O
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: The issue was addressed with improved memory handling.
CVE-2022-42810: Xingwei Lin (@xwlin_roy) and Yinyi Wu of Ant Security
Light-Year Lab
Entry added October 27, 2022
ncurses
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A user may be able to cause unexpected app termination or
arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-39537
ncurses
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing a maliciously crafted file may lead to a denial-
of-service or potentially disclose memory contents
Description: A denial-of-service issue was addressed with improved
validation.
CVE-2022-29458
Notes
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A user in a privileged network position may be able to track
user activity
Description: This issue was addressed with improved data protection.
CVE-2022-42818: Gustav Hansen from WithSecure
Notifications
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A user with physical access to a device may be able to access
contacts from the lock screen
Description: A logic issue was addressed with improved state
management.
CVE-2022-32879: Ubeydullah Sümer
PackageKit
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to modify protected parts of the file
system
Description: A race condition was addressed with improved state
handling.
CVE-2022-32895: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin
(@patch1t)
Photos
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed with improved data protection.
CVE-2022-32918: an anonymous researcher, Jugal Goradia of Aastha
Technologies, Srijan Shivam Mishra of The Hack Report, Evan Ricafort
(evanricafort.com) of Invalid Web Security, Amod Raghunath Patwardhan
of Pune, India, Ashwani Rajput of Nagarro Software Pvt. Ltd
ppp
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2022-42829: an anonymous researcher
ppp
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42830: an anonymous researcher
ppp
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2022-42831: an anonymous researcher
CVE-2022-42832: an anonymous researcher
ppp
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A buffer overflow may result in arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32941: an anonymous researcher
Entry added October 27, 2022
Ruby
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: A memory corruption issue was addressed by updating Ruby
to version 2.6.10.
CVE-2022-28739
Sandbox
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to modify protected parts of the file
system
Description: A logic issue was addressed with improved restrictions.
CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app with root privileges may be able to access private
information
Description: This issue was addressed with improved data protection.
CVE-2022-32862: an anonymous researcher
Sandbox
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to access user-sensitive data
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2022-42811: Justin Bui (@slyd0g) of Snowflake
Security
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to bypass code signing checks
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de)
Shortcuts
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A shortcut may be able to check the existence of an arbitrary
path on the file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2022-32938: Cristian Dinca of Tudor Vianu National High School of
Computer Science of. Romania
Sidecar
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A user may be able to view restricted content from the lock
screen
Description: A logic issue was addressed with improved state
management.
CVE-2022-42790: Om kothawade of Zaprico Digital
Siri
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A user with physical access to a device may be able to use
Siri to obtain some call history information
Description: A logic issue was addressed with improved state
management.
CVE-2022-32870: Andrew Goldberg of The McCombs School of Business,
The University of Texas at Austin (linkedin.com/in/andrew-goldberg-/)
SMB
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A remote user may be able to cause kernel code execution
Description: The issue was addressed with improved memory handling.
CVE-2022-32934: Felix Poulin-Belanger
Software Update
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved state
handling.
CVE-2022-42791: Mickey Jin (@patch1t) of Trend Micro
SQLite
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A remote user may be able to cause a denial-of-service
Description: This issue was addressed with improved checks.
CVE-2021-36690
Vim
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Multiple issues in Vim
Description: Multiple issues were addressed by updating Vim.
CVE-2022-0261
CVE-2022-0318
CVE-2022-0319
CVE-2022-0351
CVE-2022-0359
CVE-2022-0361
CVE-2022-0368
CVE-2022-0392
CVE-2022-0554
CVE-2022-0572
CVE-2022-0629
CVE-2022-0685
CVE-2022-0696
CVE-2022-0714
CVE-2022-0729
CVE-2022-0943
CVE-2022-1381
CVE-2022-1420
CVE-2022-1725
CVE-2022-1616
CVE-2022-1619
CVE-2022-1620
CVE-2022-1621
CVE-2022-1629
CVE-2022-1674
CVE-2022-1733
CVE-2022-1735
CVE-2022-1769
CVE-2022-1927
CVE-2022-1942
CVE-2022-1968
CVE-2022-1851
CVE-2022-1897
CVE-2022-1898
CVE-2022-1720
CVE-2022-2000
CVE-2022-2042
CVE-2022-2124
CVE-2022-2125
CVE-2022-2126
Weather
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: An app may be able to read sensitive location information
Description: A logic issue was addressed with improved state
management.
CVE-2022-32875: an anonymous researcher
WebKit
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
WebKit Bugzilla: 241969
CVE-2022-32886: P1umer (@p1umer), afang (@afang5472), xmzyshypnc
(@xmzyshypnc1)
WebKit
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
WebKit Bugzilla: 242047
CVE-2022-32888: P1umer (@p1umer)
WebKit
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
WebKit Bugzilla: 242762
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with
Trend Micro Zero Day Initiative
WebKit
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Visiting a malicious website may lead to user interface
spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 243693
CVE-2022-42799: Jihwan Kim (@gPayl0ad), Dohyun Lee (@l33d0hyun)
WebKit
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
WebKit Bugzilla: 244622
CVE-2022-42823: Dohyun Lee (@l33d0hyun) of SSD Labs
WebKit
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 245058
CVE-2022-42824: Abdulrahman Alqabandi of Microsoft Browser
Vulnerability Research, Ryan Shin of IAAI SecLab at Korea University,
Dohyun Lee (@l33d0hyun) of DNSLab at Korea University
WebKit
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing maliciously crafted web content may disclose
internal states of the app
Description: A correctness issue in the JIT was addressed with
improved checks.
WebKit Bugzilla: 242964
CVE-2022-32923: Wonyoung Jung (@nonetype_pwn) of KAIST Hacking Lab
Entry added October 27, 2022
WebKit PDF
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 242781
CVE-2022-32922: Yonghwi Jin (@jinmo123) at Theori working with Trend
Micro Zero Day Initiative
WebKit Sandboxing
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with improvements to the
sandbox.
WebKit Bugzilla: 243181
CVE-2022-32892: @18楼梦想改造家 and @jq0904 of DBAppSecurity's WeBin lab
zlib
Available for: Mac Studio (2022), Mac Pro (2019 and later), MacBook
Air (2018 and later), MacBook Pro (2017 and later), Mac mini (2018
and later), iMac (2017 and later), MacBook (2017), and iMac Pro
(2017)
Impact: A user may be able to cause unexpected app termination or
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-37434: Evgeny Legerov
CVE-2022-42800: Evgeny Legerov
Entry added October 27, 2022
Additional recognition
Airport
We would like to acknowledge Joseph Salazar Acuña and Renato Llamoca
of Intrado-Life & Safety/Globant for their assistance.
AppleCredentialManager
We would like to acknowledge @jonathandata1 for their assistance.
FaceTime
We would like to acknowledge an anonymous researcher for their
assistance.
FileVault
We would like to acknowledge Timothy Perfitt of Twocanoes Software
for their assistance.
Find My
We would like to acknowledge an anonymous researcher for their
assistance.
Identity Services
We would like to acknowledge Joshua Jones for their assistance.
IOAcceleratorFamily
We would like to acknowledge Antonio Zekic (@antoniozekic) for their
assistance.
Kernel
We would like to acknowledge Peter Nguyen of STAR Labs, Tim Michaud
(@TimGMichaud) of Moveworks.ai, Tingting Yin of Tsinghua University,
and Min Zheng of Ant Group, Tommy Muir (@Muirey03), an anonymous
researcher for their assistance.
Mail
We would like to acknowledge an anonymous researcher for their
assistance.
Mail Drafts
We would like to acknowledge an anonymous researcher for their
assistance.
Networking
We would like to acknowledge Tim Michaud (@TimGMichaud) of Zoom Video
Communications for their assistance.
Photo Booth
We would like to acknowledge Prashanth Kannan of Dremio for their
assistance.
Quick Look
We would like to acknowledge Hilary “It’s off by a Pixel” Street for
their assistance.
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
smbx
We would like to acknowledge HD Moore of runZero Asset Inventory for
their assistance.
System
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for
their assistance.
System Settings
We would like to acknowledge Bjorn Hellenbrand for their assistance.
UIKit
We would like to acknowledge Aleczander Ewing for their assistance.
WebKit
We would like to acknowledge Maddie Stone of Google Project Zero,
Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd., an
anonymous researcher for their assistance.
WebRTC
We would like to acknowledge an anonymous researcher for their
assistance.
macOS Ventura 13 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpkACgkQ4RjMIDke
Nxn20Q//SdZA//tLe1DDC4QfGZ/WQD8aTxpvI3AcHqLhg11MaGqv7QPQh18SbynC
/v3Kc4gcDBVNNOZQXNspf1AZXSiR7tK1z3hVZWjaEITRkaIbd8wtTsazdQN/kVq5
hyo7PT4H2W9IxAzwI4Dj9IM73WFkeevLiPEnf+MgWbNxlzLyiLiKiDFhMtEMYovb
h3bNU5ftmXG5U4+dMxLep/FI3F8kF4qLdDZRZ+hjTa85jDJb1+10a1P3X+oB4O6Z
Eois14XvlNUDEtUsXSsC+NgFvcrik6D9HfIQ+wgp6qye7PBwwdNwUCTsKXplnsLZ
qdWFBBoU6eTQZrAmU/TxGoHlRswtdTWz0hudwSJa2BhlOijtGqhrySHWchxFl4Ok
r5v/N55Kxds7FVTxPaAwWcnwyhQrXBX1HOz8F/qP2a4Z3qkQlcrsUdCDuB4hFTlJ
MzOnnLilad8P08RkhSi8qc8KNrNpB1N68Y0y8QLBEiUZAKklMGojVeH/2LpxKRAv
tswNHBZF1P2VEErz4xx+Mtwh3rQhII1Rda23M/tyAsEOY2yy8zy/VZfr/zBaIKrY
+aR9vzRFpKOjhsRIJqYtMzzM5zFxM01W+ofE4U9tYr7UWuJX0MVnftiZTUunSZXU
w3gRR2TpsxK+/BJD4T18jZmDtm3itublk37KT8ONTUX6E2tmxJA=
=lIdC
-----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may
have been actively exploited.
CVE-2022-32894: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited
| VAR-202109-0976 | CVE-2021-39534 | libslax Out-of-bounds write vulnerability in |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in libslax through v0.22.1. slaxIsCommentStart() in slaxlexer.c has a heap-based buffer overflow. libslax Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. libslax is an open source implementation of the SLAX language. No detailed vulnerability details are currently available
| VAR-202109-0975 | CVE-2021-39533 | libslax Out-of-bounds write vulnerability in |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a heap-based buffer overflow. libslax Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. libslax is an open source implementation of the SLAX language. No detailed vulnerability details are currently available
| VAR-202109-0974 | CVE-2021-39532 | libslax In NULL Pointer dereference vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An issue was discovered in libslax through v0.22.1. A NULL pointer dereference exists in the function slaxLexer() located in slaxlexer.c. It allows an attacker to cause Denial of Service. libslax for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. libslax is an open source implementation of the SLAX language. There is a code problem vulnerability in libslax
| VAR-202109-0973 | CVE-2021-39531 | libslax Out-of-bounds write vulnerability in |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a stack-based buffer overflow. libslax Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. libslax is an open source implementation of the SLAX language. No detailed vulnerability details are currently available
| VAR-202110-1511 | CVE-2021-30850 | macOS and tvOS Vulnerability in |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system. macOS and tvOS Exists in unspecified vulnerabilities.Information may be obtained. APPLE-SA-2021-09-20-3 tvOS 15.
Installation note:
Apple TV will periodically check for software updates.
Information about the security content is also available at
https://support.apple.com/HT212804.
CoreGraphics
Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution. Apple is aware of a report that this issue may have
been actively exploited.
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro
Entry added September 20, 2021
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Entry added September 20, 2021
Gatekeeper
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved checks.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
Entry added September 20, 2021
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30847: Mike Zhang of Pangu Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30830: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30865: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
Entry added September 20, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30859: Apple
Entry added September 20, 2021
libexpat
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Entry added September 20, 2021
Preferences
Available for: macOS Big Sur
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Entry added September 20, 2021
Sandbox
Available for: macOS Big Sur
Impact: A user may gain access to protected parts of the file system
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30845: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A remote attacker may be able to leak memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs
Entry added September 20, 2021
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30858: an anonymous researcher
Additional recognition
APFS
We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
App Support
We would like to acknowledge @CodeColorist, an anonymous researcher
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Entry added September 20, 2021
CUPS
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added September 20, 2021
Kernel
We would like to acknowledge Anthony Steinhauser of Google's Safeside
project for their assistance.
Entry added September 20, 2021
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
Entry added September 20, 2021
smbx
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.
Entry added September 20, 2021
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p
rhi/Bg/9GiqXl8sxPjDpATJqneZ1GcAxWxBZgkFrcLV/cMwrVqniWsOeVHqHjMSY
eJUkGehUtKsYE0g8Uk0qJqOUl3dxxGJpIDytOQJB3TFdd1BpZSK/tOChVem1JV1B
+CMhqDnmR/u7bLqfCr1p6J5QJNHjTjgBA4RthdzZZ52pLGql7/2qfaJwpeHkheS4
5EKmch8zh0CGRqrUTg1HgY67ierNsz47jIU6n7UeMwjskRU3xM9VqJ9s4eKGAtSv
4Ry16pv0xUZ4cmL5EiLm2/eFbY8ByCji7jYPP0POBO4l518TGpaX2PaZBP9v0rrD
t6cPEZHnsRaZ49OYak6z9iA8teKGSs6aCMuzSxExvlT8+YySf1o1nefbRH/tZMfn
bwSO0ZyPsS9WYyuG/zX08U3CKOTkjqhLaOwVwte+cAeg2QS85aa9XPMG6PKcpyfu
R7auxS92+Dg+R+97dAsI9TprSutCTw4iY8lyK9MVJSnh+zQSZEihUh4EaSufTHRC
NlOSHvsTfXqsHaeed6sVKyX4ADHCUvRbCCIrqJKUs6waNd2T2XF7SzvgTSDJMHU9
4AL/jpnltTjDJTtMO999VZKNzYurrGiHvBs5zHWr91+eaHW8YGdsDERsX3BFYLe3
85i+Yge0iXlP7mT32cWxIw4AWDFITFiHnmV1/cdsCd2GIkqkhFw=
=9bjT
-----END PGP SIGNATURE-----
| VAR-202110-1513 | CVE-2021-30842 | plural Apple Product vulnerabilities |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15 and iPadOS 15. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-9 Additional information for
APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
iOS 15 and iPadOS 15 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212814.
Accessory Manager
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2021-30837: Siddharth Aeri (@b1n4r1b01)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to read sensitive information
Description: This issue was addressed with improved checks.
CVE-2021-30811: an anonymous researcher working with Compartir
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later,
iPad Pro (3rd generation) and later, iPad Air (3rd generation) and
later, and iPad mini (5th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges on devices with an Apple Neural Engine
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30838: proteas wang
bootp
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium)
Entry added October 25, 2021
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a malicious audio file may result in unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab
Entry added October 25, 2021
CoreML
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30825: hjy79425575 working with Trend Micro Zero Day
Initiative
Face ID
Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS
(all models), iPhone 11 (all models), iPhone 12 (all models), iPad
Pro (11-inch), and iPad Pro (3rd generation)
Impact: A 3D model constructed to look like the enrolled user may be
able to authenticate via Face ID
Description: This issue was addressed by improving Face ID anti-
spoofing models.
CVE-2021-30863: Wish Wu (吴潍浠 @wish_wu) of Ant-financial Light-Year
Security Lab
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: The issue was addressed with improved permissions logic.
CVE-2021-30816: Atharv (@atharv0x0)
Entry added October 25, 2021
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application with microphone permission may unexpectedly
access microphone input during a FaceTime call
Description: A logic issue was addressed with improved validation.
CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
Entry added October 25, 2021
iCloud Photo Library
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to access photo metadata
without needing permission to access photos
Description: The issue was addressed with improved authentication.
CVE-2021-30867: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30814: hjy79425575
Entry added October 25, 2021
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30835: Ye Zhang of Baidu Security
CVE-2021-30847: Mike Zhang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
libexpat
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30819: Apple
NetworkExtension
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A VPN configuration may be installed by an app without user
permission
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30874: Javier Vieira Boccardo (linkedin.com/javier-vieira-
boccardo)
Entry added October 25, 2021
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Quick Look
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Previewing an html file attached to a note may unexpectedly
contact remote servers
Description: A logic issue existed in the handling of document loads.
CVE-2021-30870: Saif Hamed Al Hinai Oman CERT
Entry added October 25, 2021
Sandbox
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved checks.
CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021
Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to view contacts from the lock
screen
Description: A lock screen issue allowed access to contacts on a
locked device.
CVE-2021-30815: an anonymous researcher
Telephony
Available for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad
Air 2, iPad (5th generation), and iPad mini 4
Impact: In certain situations, the baseband would fail to enable
integrity and ciphering protection
Description: A logic issue was addressed with improved state
management.
CVE-2021-30826: CheolJun Park, Sangwook Bae and BeomSeok Oh of KAIST
SysSec Lab
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: The issue was resolved with additional restrictions on
CSS compositing.
CVE-2021-30884: an anonymous researcher
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30809: an anonymous researcher
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30846: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30848: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30849: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2021-30851: Samuel Groß of Google Project Zero
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in physical proximity may be able to force a user
onto a malicious Wi-Fi network during device setup
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30810: an anonymous researcher
Additional recognition
Assets
We would like to acknowledge Cees Elzinga for their assistance.
Bluetooth
We would like to acknowledge an anonymous researcher for their
assistance.
File System
We would like to acknowledge Siddharth Aeri (@b1n4r1b01) for their
assistance.
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
UIKit
We would like to acknowledge an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "15"
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hy0ACgkQeC9qKD1p
rhiHNRAAwUaVHgd+whk6qGBZ3PYqSbvvuuo00rLW6JIqv9dwpEh9BBD//bSsUppb
41J5VaNoKDsonTLhXt0Mhn66wmhbGjLneMIoNb7ffl7O2xDQaWAr+HmoUm6wOo48
Kqj/wJGNJJov4ucBA6InpUz1ZevEhaPU4QMNedVck4YSl1GhtSTJsBAzVkMakQhX
uJ1fVdOJ5konmmQJLYxDUo60xqS0sZPchkwCM1zwR/SAZ70pt6P0MGI1Yddjcn1U
loAcKYVgkKAc9RWkXRskR1RxFBGivTI/gy5pDkLxfGfwFecf6PSR7MDki4xDeoVH
5FWXBwga8Uc/afGRqnFwTpdsisRZP8rQFwMam1T/DwgrWD8R2CCn/wOcvbtlWMIv
LczYCJFMELaXOjFF5duXaUJme97567OypYvhjBDtiIPg5MCGhZZCmpbRjkcUBZNJ
YQOELzq6CHWc96mjPOt34B0X2VXGhvgpQ0/evvcQe3bHv0F7N/acAlgsGe+e4Jn8
k0gWZocq+fPnl6YYgZKIGgcZWUl5bdqduApesEtpRU2ug2TE+xMOhMZXb1WLawJl
n/OtVHhIjft23r0MGgyWTIHMPe5DRvEPWGI3DS+55JX6XOxSGp9o6xgOAraZR4U6
HO/WbQOwj7SSKbyPxmDTp4OMyFPukbe92WIMh5EpFcILp6GTJqQ=
=lg51
-----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have
been actively exploited.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking. Apple is aware of a report that this issue
may have been actively exploited. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance.
Alternatively, on your watch, select "My Watch > General > About"
| VAR-202110-1512 | CVE-2021-30843 | plural Apple Product vulnerabilities |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15 and iPadOS 15.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-9 Additional information for
APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
iOS 15 and iPadOS 15 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212814.
Accessory Manager
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2021-30837: Siddharth Aeri (@b1n4r1b01)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to read sensitive information
Description: This issue was addressed with improved checks.
CVE-2021-30811: an anonymous researcher working with Compartir
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later,
iPad Pro (3rd generation) and later, iPad Air (3rd generation) and
later, and iPad mini (5th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges on devices with an Apple Neural Engine
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30838: proteas wang
bootp
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium)
Entry added October 25, 2021
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a malicious audio file may result in unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab
Entry added October 25, 2021
CoreML
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30825: hjy79425575 working with Trend Micro Zero Day
Initiative
Face ID
Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS
(all models), iPhone 11 (all models), iPhone 12 (all models), iPad
Pro (11-inch), and iPad Pro (3rd generation)
Impact: A 3D model constructed to look like the enrolled user may be
able to authenticate via Face ID
Description: This issue was addressed by improving Face ID anti-
spoofing models.
CVE-2021-30863: Wish Wu (吴潍浠 @wish_wu) of Ant-financial Light-Year
Security Lab
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: The issue was addressed with improved permissions logic.
CVE-2021-30816: Atharv (@atharv0x0)
Entry added October 25, 2021
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application with microphone permission may unexpectedly
access microphone input during a FaceTime call
Description: A logic issue was addressed with improved validation.
CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
Entry added October 25, 2021
iCloud Photo Library
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to access photo metadata
without needing permission to access photos
Description: The issue was addressed with improved authentication.
CVE-2021-30867: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30814: hjy79425575
Entry added October 25, 2021
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30835: Ye Zhang of Baidu Security
CVE-2021-30847: Mike Zhang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
libexpat
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30819: Apple
NetworkExtension
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A VPN configuration may be installed by an app without user
permission
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30874: Javier Vieira Boccardo (linkedin.com/javier-vieira-
boccardo)
Entry added October 25, 2021
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Quick Look
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Previewing an html file attached to a note may unexpectedly
contact remote servers
Description: A logic issue existed in the handling of document loads.
CVE-2021-30870: Saif Hamed Al Hinai Oman CERT
Entry added October 25, 2021
Sandbox
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved checks.
CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021
Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to view contacts from the lock
screen
Description: A lock screen issue allowed access to contacts on a
locked device.
CVE-2021-30815: an anonymous researcher
Telephony
Available for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad
Air 2, iPad (5th generation), and iPad mini 4
Impact: In certain situations, the baseband would fail to enable
integrity and ciphering protection
Description: A logic issue was addressed with improved state
management.
CVE-2021-30826: CheolJun Park, Sangwook Bae and BeomSeok Oh of KAIST
SysSec Lab
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: The issue was resolved with additional restrictions on
CSS compositing.
CVE-2021-30884: an anonymous researcher
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30809: an anonymous researcher
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30846: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30848: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30849: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2021-30851: Samuel Groß of Google Project Zero
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in physical proximity may be able to force a user
onto a malicious Wi-Fi network during device setup
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30810: an anonymous researcher
Additional recognition
Assets
We would like to acknowledge Cees Elzinga for their assistance.
Bluetooth
We would like to acknowledge an anonymous researcher for their
assistance.
File System
We would like to acknowledge Siddharth Aeri (@b1n4r1b01) for their
assistance.
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
UIKit
We would like to acknowledge an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "15"
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hy0ACgkQeC9qKD1p
rhiHNRAAwUaVHgd+whk6qGBZ3PYqSbvvuuo00rLW6JIqv9dwpEh9BBD//bSsUppb
41J5VaNoKDsonTLhXt0Mhn66wmhbGjLneMIoNb7ffl7O2xDQaWAr+HmoUm6wOo48
Kqj/wJGNJJov4ucBA6InpUz1ZevEhaPU4QMNedVck4YSl1GhtSTJsBAzVkMakQhX
uJ1fVdOJ5konmmQJLYxDUo60xqS0sZPchkwCM1zwR/SAZ70pt6P0MGI1Yddjcn1U
loAcKYVgkKAc9RWkXRskR1RxFBGivTI/gy5pDkLxfGfwFecf6PSR7MDki4xDeoVH
5FWXBwga8Uc/afGRqnFwTpdsisRZP8rQFwMam1T/DwgrWD8R2CCn/wOcvbtlWMIv
LczYCJFMELaXOjFF5duXaUJme97567OypYvhjBDtiIPg5MCGhZZCmpbRjkcUBZNJ
YQOELzq6CHWc96mjPOt34B0X2VXGhvgpQ0/evvcQe3bHv0F7N/acAlgsGe+e4Jn8
k0gWZocq+fPnl6YYgZKIGgcZWUl5bdqduApesEtpRU2ug2TE+xMOhMZXb1WLawJl
n/OtVHhIjft23r0MGgyWTIHMPe5DRvEPWGI3DS+55JX6XOxSGp9o6xgOAraZR4U6
HO/WbQOwj7SSKbyPxmDTp4OMyFPukbe92WIMh5EpFcILp6GTJqQ=
=lg51
-----END PGP SIGNATURE-----
. Apple is aware of a report that this issue may have
been actively exploited.
CVE-2021-30860: The Citizen Lab
CUPS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A permissions issue existed.
CVE-2021-30827: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to read arbitrary files as root
Description: This issue was addressed with improved checks.
CVE-2021-30828: an anonymous researcher
Entry added September 20, 2021
CUPS
Available for: macOS Big Sur
Impact: A local user may be able to execute arbitrary files
Description: A URI parsing issue was addressed with improved parsing.
CVE-2021-30829: an anonymous researcher
Entry added September 20, 2021
curl
Available for: macOS Big Sur
Impact: curl could potentially reveal sensitive internal information
to the server using a clear-text network protocol
Description: A buffer overflow was addressed with improved input
validation.
CVE-2021-22925
Entry added September 20, 2021
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30853: Gordon Long (@ethicalhax) of Box, Inc.
CVE-2021-30850: an anonymous researcher
Entry added September 20, 2021
SMB
Available for: macOS Big Sur
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking. Apple is aware of a report that this issue
may have been actively exploited. Nakagawa of FFRI Security, Inc.
for their assistance.
Entry added September 20, 2021
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance
| VAR-202110-1620 | CVE-2021-30849 | plural Apple Out-of-bounds write vulnerabilities in the product |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. iOS 15 and iPadOS 15. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security, bug fix, and enhancement update
Advisory ID: RHSA-2022:1777-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1777
Issue date: 2022-05-10
CVE Names: CVE-2021-30809 CVE-2021-30818 CVE-2021-30823
CVE-2021-30836 CVE-2021-30846 CVE-2021-30848
CVE-2021-30849 CVE-2021-30851 CVE-2021-30884
CVE-2021-30887 CVE-2021-30888 CVE-2021-30889
CVE-2021-30890 CVE-2021-30897 CVE-2021-30934
CVE-2021-30936 CVE-2021-30951 CVE-2021-30952
CVE-2021-30953 CVE-2021-30954 CVE-2021-30984
CVE-2021-45481 CVE-2021-45482 CVE-2021-45483
CVE-2022-22589 CVE-2022-22590 CVE-2022-22592
CVE-2022-22594 CVE-2022-22620 CVE-2022-22637
=====================================================================
1. Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
The following packages have been upgraded to a later upstream version:
webkit2gtk3 (2.34.6).
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.6 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
webkit2gtk3-2.34.6-1.el8.src.rpm
aarch64:
webkit2gtk3-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-devel-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.aarch64.rpm
ppc64le:
webkit2gtk3-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-devel-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.ppc64le.rpm
s390x:
webkit2gtk3-2.34.6-1.el8.s390x.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.s390x.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.s390x.rpm
webkit2gtk3-devel-2.34.6-1.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.s390x.rpm
x86_64:
webkit2gtk3-2.34.6-1.el8.i686.rpm
webkit2gtk3-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-debuginfo-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpm
webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-devel-2.34.6-1.el8.i686.rpm
webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.34.6-1.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-30809
https://access.redhat.com/security/cve/CVE-2021-30818
https://access.redhat.com/security/cve/CVE-2021-30823
https://access.redhat.com/security/cve/CVE-2021-30836
https://access.redhat.com/security/cve/CVE-2021-30846
https://access.redhat.com/security/cve/CVE-2021-30848
https://access.redhat.com/security/cve/CVE-2021-30849
https://access.redhat.com/security/cve/CVE-2021-30851
https://access.redhat.com/security/cve/CVE-2021-30884
https://access.redhat.com/security/cve/CVE-2021-30887
https://access.redhat.com/security/cve/CVE-2021-30888
https://access.redhat.com/security/cve/CVE-2021-30889
https://access.redhat.com/security/cve/CVE-2021-30890
https://access.redhat.com/security/cve/CVE-2021-30897
https://access.redhat.com/security/cve/CVE-2021-30934
https://access.redhat.com/security/cve/CVE-2021-30936
https://access.redhat.com/security/cve/CVE-2021-30951
https://access.redhat.com/security/cve/CVE-2021-30952
https://access.redhat.com/security/cve/CVE-2021-30953
https://access.redhat.com/security/cve/CVE-2021-30954
https://access.redhat.com/security/cve/CVE-2021-30984
https://access.redhat.com/security/cve/CVE-2021-45481
https://access.redhat.com/security/cve/CVE-2021-45482
https://access.redhat.com/security/cve/CVE-2021-45483
https://access.redhat.com/security/cve/CVE-2022-22589
https://access.redhat.com/security/cve/CVE-2022-22590
https://access.redhat.com/security/cve/CVE-2022-22592
https://access.redhat.com/security/cve/CVE-2022-22594
https://access.redhat.com/security/cve/CVE-2022-22620
https://access.redhat.com/security/cve/CVE-2022-22637
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-9 Additional information for
APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
iOS 15 and iPadOS 15 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212814.
Accessory Manager
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2021-30837: Siddharth Aeri (@b1n4r1b01)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to read sensitive information
Description: This issue was addressed with improved checks.
CVE-2021-30811: an anonymous researcher working with Compartir
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later,
iPad Pro (3rd generation) and later, iPad Air (3rd generation) and
later, and iPad mini (5th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges on devices with an Apple Neural Engine
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30838: proteas wang
bootp
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium)
Entry added October 25, 2021
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a malicious audio file may result in unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab
Entry added October 25, 2021
CoreML
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30825: hjy79425575 working with Trend Micro Zero Day
Initiative
Face ID
Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS
(all models), iPhone 11 (all models), iPhone 12 (all models), iPad
Pro (11-inch), and iPad Pro (3rd generation)
Impact: A 3D model constructed to look like the enrolled user may be
able to authenticate via Face ID
Description: This issue was addressed by improving Face ID anti-
spoofing models.
CVE-2021-30863: Wish Wu (吴潍浠 @wish_wu) of Ant-financial Light-Year
Security Lab
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: The issue was addressed with improved permissions logic.
CVE-2021-30816: Atharv (@atharv0x0)
Entry added October 25, 2021
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application with microphone permission may unexpectedly
access microphone input during a FaceTime call
Description: A logic issue was addressed with improved validation.
CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
Entry added October 25, 2021
iCloud Photo Library
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to access photo metadata
without needing permission to access photos
Description: The issue was addressed with improved authentication.
CVE-2021-30867: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30814: hjy79425575
Entry added October 25, 2021
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30835: Ye Zhang of Baidu Security
CVE-2021-30847: Mike Zhang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
libexpat
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30819: Apple
NetworkExtension
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A VPN configuration may be installed by an app without user
permission
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30874: Javier Vieira Boccardo (linkedin.com/javier-vieira-
boccardo)
Entry added October 25, 2021
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Quick Look
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Previewing an html file attached to a note may unexpectedly
contact remote servers
Description: A logic issue existed in the handling of document loads.
CVE-2021-30870: Saif Hamed Al Hinai Oman CERT
Entry added October 25, 2021
Sandbox
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved checks.
CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021
Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to view contacts from the lock
screen
Description: A lock screen issue allowed access to contacts on a
locked device.
CVE-2021-30815: an anonymous researcher
Telephony
Available for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad
Air 2, iPad (5th generation), and iPad mini 4
Impact: In certain situations, the baseband would fail to enable
integrity and ciphering protection
Description: A logic issue was addressed with improved state
management.
CVE-2021-30826: CheolJun Park, Sangwook Bae and BeomSeok Oh of KAIST
SysSec Lab
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: The issue was resolved with additional restrictions on
CSS compositing.
CVE-2021-30884: an anonymous researcher
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30809: an anonymous researcher
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30846: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30848: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30849: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2021-30851: Samuel Groß of Google Project Zero
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in physical proximity may be able to force a user
onto a malicious Wi-Fi network during device setup
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30810: an anonymous researcher
Additional recognition
Assets
We would like to acknowledge Cees Elzinga for their assistance.
Bluetooth
We would like to acknowledge an anonymous researcher for their
assistance.
File System
We would like to acknowledge Siddharth Aeri (@b1n4r1b01) for their
assistance.
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
UIKit
We would like to acknowledge an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "15"
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hy0ACgkQeC9qKD1p
rhiHNRAAwUaVHgd+whk6qGBZ3PYqSbvvuuo00rLW6JIqv9dwpEh9BBD//bSsUppb
41J5VaNoKDsonTLhXt0Mhn66wmhbGjLneMIoNb7ffl7O2xDQaWAr+HmoUm6wOo48
Kqj/wJGNJJov4ucBA6InpUz1ZevEhaPU4QMNedVck4YSl1GhtSTJsBAzVkMakQhX
uJ1fVdOJ5konmmQJLYxDUo60xqS0sZPchkwCM1zwR/SAZ70pt6P0MGI1Yddjcn1U
loAcKYVgkKAc9RWkXRskR1RxFBGivTI/gy5pDkLxfGfwFecf6PSR7MDki4xDeoVH
5FWXBwga8Uc/afGRqnFwTpdsisRZP8rQFwMam1T/DwgrWD8R2CCn/wOcvbtlWMIv
LczYCJFMELaXOjFF5duXaUJme97567OypYvhjBDtiIPg5MCGhZZCmpbRjkcUBZNJ
YQOELzq6CHWc96mjPOt34B0X2VXGhvgpQ0/evvcQe3bHv0F7N/acAlgsGe+e4Jn8
k0gWZocq+fPnl6YYgZKIGgcZWUl5bdqduApesEtpRU2ug2TE+xMOhMZXb1WLawJl
n/OtVHhIjft23r0MGgyWTIHMPe5DRvEPWGI3DS+55JX6XOxSGp9o6xgOAraZR4U6
HO/WbQOwj7SSKbyPxmDTp4OMyFPukbe92WIMh5EpFcILp6GTJqQ=
=lg51
-----END PGP SIGNATURE-----
.
CVE-2021-30851: Samuel Groß of Google Project Zero
Installation note:
This update may be obtained from the Mac App Store. Apple is aware of a report that this issue may have
been actively exploited. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30846: Sergei Glazunov of Google Project Zero
Entry added September 20, 2021
Additional recognition
CoreML
We would like to acknowledge hjy79425575 working with Trend Micro
Zero Day Initiative for their assistance
| VAR-202109-1969 | No CVE | Ruijie NBR router has a command execution vulnerability (CNVD-2021-58700) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, and storage.
Ruijie NBR router has a command execution vulnerability. Attackers can use this vulnerability to gain control of the server.
| VAR-202109-1973 | No CVE | Huawei SVN2230 has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Huawei SVN2230 is a VPN gateway.
Huawei SVN2230 has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202109-1966 | CVE-2021-3733 | Python Software Foundation of Python Vulnerability related to resource exhaustion in products of multiple vendors |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. Python Software Foundation of Python Products from other vendors have resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be in a state. Python is an open source, object-oriented programming language developed by the Python Foundation. The language is scalable, supports modules and packages, and supports multiple platforms. A code issue vulnerability exists in Python due to a failure in the product to properly handle RCFS. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: python38:3.8 and python38-devel:3.8 security update
Advisory ID: RHSA-2022:1764-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:1764
Issue date: 2022-05-10
CVE Names: CVE-2021-3733 CVE-2021-3737 CVE-2021-43818
CVE-2022-0391
=====================================================================
1. Summary:
An update for the python38:3.8 and python38-devel:3.8 modules is now
available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - noarch
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3. Description:
Python is an interpreted, interactive, object-oriented programming
language, which includes modules, classes, exceptions, very high level
dynamic data types and dynamic typing. Python supports interfaces to many
system calls and libraries, as well as to various windowing systems.
The following packages have been upgraded to a later upstream version:
python38 (3.8), python38-devel (3.8). (BZ#1997680, BZ#1997860)
Security Fix(es):
* python: urllib: Regular expression DoS in AbstractBasicAuthHandler
(CVE-2021-3733)
* python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass
through (CVE-2021-43818)
* python: urllib.parse does not sanitize URLs containing ASCII newline and
tabs (CVE-2022-0391)
* python: urllib: HTTP client possible infinite loop on a 100 Continue
response (CVE-2021-3737)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.6 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1995162 - CVE-2021-3737 python: urllib: HTTP client possible infinite loop on a 100 Continue response
1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler
2004587 - Update the python interpreter to the latest security release 3.8.12
2006789 - RHEL 8 Python 3.8: pip contains bundled pre-built exe files in site-packages/pip/_vendor/distlib/
2032569 - CVE-2021-43818 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through
2047376 - CVE-2022-0391 python: urllib.parse does not sanitize URLs containing ASCII newline and tabs
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.src.rpm
PyYAML-5.4.1-1.module+el8.5.0+10721+14d8e0d5.src.rpm
babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.src.rpm
mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.src.rpm
numpy-1.17.3-6.module+el8.5.0+12205+a865257a.src.rpm
python-PyMySQL-0.10.1-1.module+el8.4.0+9692+8e86ab84.src.rpm
python-asn1crypto-1.2.0-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-chardet-3.0.4-19.module+el8.4.0+8888+89bc7e79.src.rpm
python-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-idna-2.8-6.module+el8.4.0+8888+89bc7e79.src.rpm
python-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.src.rpm
python-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.src.rpm
python-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.src.rpm
python-ply-3.11-10.module+el8.4.0+9579+e9717e18.src.rpm
python-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.src.rpm
python-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.src.rpm
python-pycparser-2.19-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-pysocks-1.7.1-4.module+el8.4.0+8888+89bc7e79.src.rpm
python-requests-2.22.0-9.module+el8.4.0+8888+89bc7e79.src.rpm
python-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.src.rpm
python-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.src.rpm
python38-3.8.12-1.module+el8.6.0+12642+c3710b74.src.rpm
python3x-pip-19.3.1-5.module+el8.6.0+13002+70cfc74a.src.rpm
python3x-setuptools-41.6.0-5.module+el8.5.0+12205+a865257a.src.rpm
python3x-six-1.12.0-10.module+el8.4.0+8888+89bc7e79.src.rpm
pytz-2019.3-3.module+el8.4.0+8888+89bc7e79.src.rpm
scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.src.rpm
aarch64:
Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm
numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm
python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.aarch64.rpm
python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm
python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm
python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm
python38-debuginfo-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm
python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm
python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm
python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm
python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm
python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.aarch64.rpm
python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.aarch64.rpm
python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.aarch64.rpm
python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm
python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.aarch64.rpm
python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm
python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.aarch64.rpm
python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm
python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.aarch64.rpm
scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.aarch64.rpm
noarch:
python38-PyMySQL-0.10.1-1.module+el8.4.0+9692+8e86ab84.noarch.rpm
python38-asn1crypto-1.2.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.noarch.rpm
python38-chardet-3.0.4-19.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-idna-2.8-6.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.noarch.rpm
python38-numpy-doc-1.17.3-6.module+el8.5.0+12205+a865257a.noarch.rpm
python38-pip-19.3.1-5.module+el8.6.0+13002+70cfc74a.noarch.rpm
python38-pip-wheel-19.3.1-5.module+el8.6.0+13002+70cfc74a.noarch.rpm
python38-ply-3.11-10.module+el8.4.0+9579+e9717e18.noarch.rpm
python38-pycparser-2.19-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-pysocks-1.7.1-4.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-pytz-2019.3-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-requests-2.22.0-9.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-rpm-macros-3.8.12-1.module+el8.6.0+12642+c3710b74.noarch.rpm
python38-setuptools-41.6.0-5.module+el8.5.0+12205+a865257a.noarch.rpm
python38-setuptools-wheel-41.6.0-5.module+el8.5.0+12205+a865257a.noarch.rpm
python38-six-1.12.0-10.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.noarch.rpm
python38-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm
python38-wheel-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm
ppc64le:
Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm
numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm
python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.ppc64le.rpm
python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm
python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm
python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm
python38-debuginfo-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm
python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm
python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm
python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm
python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm
python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.ppc64le.rpm
python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.ppc64le.rpm
python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.ppc64le.rpm
python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm
python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.ppc64le.rpm
python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm
python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.ppc64le.rpm
python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm
python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.ppc64le.rpm
scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.ppc64le.rpm
s390x:
Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm
numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm
python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.s390x.rpm
python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm
python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm
python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm
python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm
python38-debuginfo-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm
python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm
python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm
python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm
python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm
python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.s390x.rpm
python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.s390x.rpm
python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm
python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm
python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.s390x.rpm
python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm
python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.s390x.rpm
python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm
python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.s390x.rpm
python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm
python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.s390x.rpm
scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.s390x.rpm
x86_64:
Cython-debugsource-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm
numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm
python-cffi-debugsource-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python-cryptography-debugsource-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python-lxml-debugsource-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm
python-markupsafe-debugsource-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm
python-psycopg2-debugsource-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm
python38-Cython-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-Cython-debuginfo-0.29.14-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-cffi-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-cffi-debuginfo-1.13.2-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-cryptography-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-cryptography-debuginfo-2.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-debug-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm
python38-debuginfo-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm
python38-debugsource-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm
python38-devel-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm
python38-idle-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm
python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm
python38-lxml-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm
python38-lxml-debuginfo-4.4.1-7.module+el8.6.0+13958+214a5473.x86_64.rpm
python38-markupsafe-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-markupsafe-debuginfo-1.1.1-6.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-mod_wsgi-4.6.8-3.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-numpy-debuginfo-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm
python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm
python38-psutil-debuginfo-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm
python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-psycopg2-debuginfo-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-psycopg2-doc-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-psycopg2-tests-2.8.4-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm
python38-pyyaml-debuginfo-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm
python38-scipy-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-scipy-debuginfo-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
python38-test-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm
python38-tkinter-3.8.12-1.module+el8.6.0+12642+c3710b74.x86_64.rpm
scipy-debugsource-1.3.1-4.module+el8.4.0+8888+89bc7e79.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
Source:
pytest-4.6.6-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-atomicwrites-1.3.0-8.module+el8.4.0+8888+89bc7e79.src.rpm
python-attrs-19.3.0-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-more-itertools-7.2.0-5.module+el8.4.0+8888+89bc7e79.src.rpm
python-packaging-19.2-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-pluggy-0.13.0-3.module+el8.4.0+8888+89bc7e79.src.rpm
python-py-1.8.0-8.module+el8.4.0+8888+89bc7e79.src.rpm
python-wcwidth-0.1.7-16.module+el8.4.0+8888+89bc7e79.src.rpm
python3x-pyparsing-2.4.5-3.module+el8.4.0+8888+89bc7e79.src.rpm
noarch:
python38-atomicwrites-1.3.0-8.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-attrs-19.3.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-more-itertools-7.2.0-5.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-packaging-19.2-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-pluggy-0.13.0-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-py-1.8.0-8.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-pyparsing-2.4.5-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-pytest-4.6.6-3.module+el8.4.0+8888+89bc7e79.noarch.rpm
python38-wcwidth-0.1.7-16.module+el8.4.0+8888+89bc7e79.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-3733
https://access.redhat.com/security/cve/CVE-2021-3737
https://access.redhat.com/security/cve/CVE-2021-43818
https://access.redhat.com/security/cve/CVE-2022-0391
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYnqQbtzjgjWX9erEAQgnnBAAim+GuSrydBbxi0s4w6LR+l5XTnTzDmkl
Zq12+m7sT8mq0veWvias08iivuoOeN0ibSMx5yymrD0RJe+kS1PbJ9xyfDAaDiN9
K6wOPJhvVuzDJRgrkuI80ABZR9MLQCb8Csb/RepkkGtko/kGRzRnIqe7q53LNi8z
5o6eSrC1+96J1J+CmB8jAUeZPwFeX9B3bq2Fc20I9uhgg3H9lT0dD0ovc4G/u+/3
oRbJLpQdg9zBweMIfxiilHyeaOYLuok8bQ2OU0fglZVasX4pb6R4NLg99fAbbhpe
WX/oZel5cwo9CvkdD8v4CDUqT8I0xlOpOoemd4Mwg/yo8ITTt16lWNxxkY0kPH6K
oj6hvkv/akPO+CTFqHqKOvrUKvbmyFhtehic+7RkWcPNpKrXtHihcuyScWRkxG5J
mCev5DDmvw7rGoYiDl7gPEzBm6b/xxROMYtwfONiDaphmbQm9eimdJ5sYJ4+Zfu2
0aqPoJ1ARZUNlhuYTW2sa9yoE1v8RIHtppCmgblEEGNv/Nh5pFiDktfaOLbF4X37
D+dQfyiICf3FHo6LzGIY4B6w3T7FtezMOZSThzwYnq5I1qexlyL/Ug9TwHtA6ez+
0OwkzfjbktW7lzRvij47/YIl2LvOteQutYa8xbiADZVSPkYNAnh0B7EZ/+reGra6
CNbxA3ArPQc=
=3Ugn
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. ==========================================================================
Ubuntu Security Notice USN-5200-1
December 17, 2021
python3.7, python3.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Python could be made to crash if it receives specially crafted input
from a malicious server.
(CVE-2020-8492)
It was discovered that the urllib.request.AbstractBasicAuthHandler class
in Python contains regex with a quadratic worst-case time complexity.
(CVE-2021-3737)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
libpython3.7-stdlib 3.7.5-2ubuntu1~18.04.2
libpython3.8-stdlib 3.8.0-3ubuntu1~18.04.2
python3.7 3.7.5-2ubuntu1~18.04.2
python3.7-minimal 3.7.5-2ubuntu1~18.04.2
python3.8 3.8.0-3ubuntu1~18.04.2
python3.8-minimal 3.8.0-3ubuntu1~18.04.2
In general, a standard system update will make all the necessary changes.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 ESM. An attacker could possibly use this issue to
cause a denial of service. Solution:
For OpenShift Container Platform 4.8 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
For Red Hat OpenShift Logging 5.1, see the following instructions to apply
this update:
https://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1948761 - CVE-2021-23369 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option
1956688 - CVE-2021-23383 nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option
5. JIRA issues fixed (https://issues.jboss.org/):
LOG-1858 - OpenShift Alerting Rules Style-Guide Compliance
LOG-1917 - [release-5.1] Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server
6. 8) - aarch64, ppc64le, s390x, x86_64
3. Bugs fixed (https://bugzilla.redhat.com/):
1995234 - CVE-2021-3733 python: urllib: Regular expression DoS in AbstractBasicAuthHandler
6.
This version of the OpenShift Serverless Operator is supported on Red Hat
OpenShift Container Platform versions 4.6, 4.7, 4.8 and 4.9, and includes
security and bug fixes and enhancements. Bugs fixed (https://bugzilla.redhat.com/):
1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic
2016256 - Release of OpenShift Serverless Eventing 1.19.0
2016258 - Release of OpenShift Serverless Serving 1.19.0
5. 7) - noarch, x86_64
3