VARIoT IoT vulnerabilities database
| VAR-202104-0607 | CVE-2021-1771 | Apple macOS Security hole |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. A security vulnerability exists in Apple macOS caused by incorrect access restrictions in the "Messages" component of macOS. Vulnerabilities exist in the following products or versions: macOS 10.3, macOS 10.12.4, macOS 10.12.5, macOS 10.12.6, macOS 10.12.6.2, macOS 10.13, macOS 10.13.1, macOS 10.13.2, macOS 10.13.3, macOS 10.13 .4, macOS 10.13.5, macOS 10.13.6, macOS 10.14, macOS 10.14.1, macOS 10.14.2, macOS 10.14.3, macOS 10.14.4, macOS 10.14.5, macOS 10.14.6, macOS 10.15, macOS 10.15 SU1, macOS 10.15.1, macOS 10.15.2, macOS 10.15.3, macOS 10.15.4, macOS 10.15.4 SU1, macOS 10.15.5, macOS 10.15.5 SU1, macOS 10.15.6, macOS 10.15.6 SU1 , macOS 10.15.7, macOS 10.15.7 SU1, macOS 11.0, macOS 11.0.1, macOS 11.1
| VAR-202104-0615 | CVE-2021-1792 | Apple macOS CoreText TTF Parsing Out-of-Bounds Read Information Disclosure Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the parsing of TTF fonts. Crafted data in a TTF font can trigger a read past the end of an allocated data structure. Apple CoreText is a core component used for drawing text in mobile devices by Apple in the United States. A resource management error vulnerability exists in Apple CoreText, which is caused by the application not being in the boundary condition of the CoreText component in macOS. A remote attacker could create a specially crafted file that tricks a victim into opening it, triggering an out-of-bounds read error and reading the contents of memory on the system. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-02-01-3 Additional information for
APPLE-SA-2021-01-26-2 tvOS 14.4
tvOS 14.4 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212149.
Analytics
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Entry added February 1, 2021
APFS
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
Entry added February 1, 2021
CoreAnimation
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
Entry added February 1, 2021
CoreGraphics
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
Entry added February 1, 2021
CoreMedia
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
Entry added February 1, 2021
CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro
Entry added February 1, 2021
CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state
management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1787: James Hutchins
Entry added February 1, 2021
FairPlay
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro
Entry added February 1, 2021
FontParser
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-financial Light-Year Security Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Qi Sun of Trend Micro
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
IOSkywalkFamily
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba
Security
Entry added February 1, 2021
iTunes Store
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1764: Maxime Villard (m00nbsd)
Entry added February 1, 2021
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Entry added February 1, 2021
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Swift
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
Entry added February 1, 2021
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1801: Eliya Stein of Confiant
Entry added February 1, 2021
WebRTC
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Entry added February 1, 2021
Additional recognition
iTunes Store
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
Entry added February 1, 2021
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Store Demo
We would like to acknowledge @08Tc3wBB for their assistance.
Entry added February 1, 2021
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtcACgkQZcsbuWJ6
jjC2WQ//bJVyj/RBYwoj3boUw/SH7hZ+n6Ho3KPRZQE2XWZ0KSODHSoXOgaf5xX7
xWAf5vbOGdEueWj476hmlZZPediB7SJK6xEkvg3SKzZrc5+MlgRUjnrNd/qygi75
tPXjpkyIAHBY5Ik+uoSyxkLkCn3i50KFwtJCmyibl3ayb1XA2/jUA4FtQkhz3HrM
ZhMkBPOSObKkGiyj90eBNmeJRSwrxvBQPcp/EwqHbND+Y8UYAQ9ZDbHXWBVuDeRV
R1No2qLit0TCs6MZnVP2CKNprXMy/bHLlNeVYGGIu1W+qQ3I30XvlY69VcH6JdVF
xz6JIiXAJoOYDUFzesY2b8kMe7jiZnnDK+gWHeodV4oirsImITTlGY4gdiGb30Ag
2XDFpGedK0g+fD+SKI0lCOColTi6IEtTRm4/0ClI0HMc0akJn3qZXOz+iXzTZCa3
tssd6H2lZAW98GmsnMazUdEyGR+9I9RSvaJkLNOBxgDG+NURoTJ6vxHH2B3DYb/+
i+blVGMt7EBIZNwloOR8Fc+Ho5YTCFIwSxeqUzS9Vw53Bx7qA0AVd6CPPJSctWZ0
WKg1N3iW+dBWLWr43idEUNgUADL8Ya35Q6EwW+FxMHLwS11d7xA24AT14vJyi+4w
ftTKFGZsNaUGMo2dCZNUnyC23xv3R8GYso0jc3DL4e1pAmeW2Rk=0JBx
-----END PGP SIGNATURE-----
| VAR-202104-0610 | CVE-2021-1787 | Apple macOS Security hole |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. There is a security vulnerability in Apple macOS, which is caused by insufficient validation of user-supplied input in the Crash Reporter component in macOS. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack. Vulnerabilities exist in the following products or versions: macOS 10.15, macOS 10.15 SU1, macOS 10.15.1, macOS 10.15.2, macOS 10.15.3, macOS 10.15.4, macOS 10.15.4 SU1, macOS 10.15.5, macOS 11.55.5 SU1 , macOS 15.65.6, macOS 10.15.6 SU1, macOS 10.15.7, 10.15.7 SU1, macOS 11.0, macOS 11.0.1, macOS 11.1. By using a specially-crafted application, an attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-02-01-3 Additional information for
APPLE-SA-2021-01-26-2 tvOS 14.4
tvOS 14.4 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212149.
Analytics
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Entry added February 1, 2021
APFS
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
Entry added February 1, 2021
CoreAnimation
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
Entry added February 1, 2021
CoreGraphics
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
Entry added February 1, 2021
CoreMedia
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
Entry added February 1, 2021
CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro
Entry added February 1, 2021
CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state
management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1787: James Hutchins
Entry added February 1, 2021
FairPlay
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro
Entry added February 1, 2021
FontParser
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-financial Light-Year Security Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Qi Sun of Trend Micro
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
IOSkywalkFamily
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba
Security
Entry added February 1, 2021
iTunes Store
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1764: Maxime Villard (m00nbsd)
Entry added February 1, 2021
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Entry added February 1, 2021
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Swift
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
Entry added February 1, 2021
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1801: Eliya Stein of Confiant
Entry added February 1, 2021
WebRTC
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Entry added February 1, 2021
Additional recognition
iTunes Store
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
Entry added February 1, 2021
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Store Demo
We would like to acknowledge @08Tc3wBB for their assistance.
Entry added February 1, 2021
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtcACgkQZcsbuWJ6
jjC2WQ//bJVyj/RBYwoj3boUw/SH7hZ+n6Ho3KPRZQE2XWZ0KSODHSoXOgaf5xX7
xWAf5vbOGdEueWj476hmlZZPediB7SJK6xEkvg3SKzZrc5+MlgRUjnrNd/qygi75
tPXjpkyIAHBY5Ik+uoSyxkLkCn3i50KFwtJCmyibl3ayb1XA2/jUA4FtQkhz3HrM
ZhMkBPOSObKkGiyj90eBNmeJRSwrxvBQPcp/EwqHbND+Y8UYAQ9ZDbHXWBVuDeRV
R1No2qLit0TCs6MZnVP2CKNprXMy/bHLlNeVYGGIu1W+qQ3I30XvlY69VcH6JdVF
xz6JIiXAJoOYDUFzesY2b8kMe7jiZnnDK+gWHeodV4oirsImITTlGY4gdiGb30Ag
2XDFpGedK0g+fD+SKI0lCOColTi6IEtTRm4/0ClI0HMc0akJn3qZXOz+iXzTZCa3
tssd6H2lZAW98GmsnMazUdEyGR+9I9RSvaJkLNOBxgDG+NURoTJ6vxHH2B3DYb/+
i+blVGMt7EBIZNwloOR8Fc+Ho5YTCFIwSxeqUzS9Vw53Bx7qA0AVd6CPPJSctWZ0
WKg1N3iW+dBWLWr43idEUNgUADL8Ya35Q6EwW+FxMHLwS11d7xA24AT14vJyi+4w
ftTKFGZsNaUGMo2dCZNUnyC23xv3R8GYso0jc3DL4e1pAmeW2Rk=0JBx
-----END PGP SIGNATURE-----
| VAR-202104-0614 | CVE-2021-1791 | Apple iOS FairplayIOKit Out-Of-Bounds Read Information Disclosure Vulnerability |
CVSS V2: 7.1 CVSS V3: 5.5 Severity: MEDIUM |
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory. This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple iOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the FairplayIOKit kext. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. Apple FairPlay is a core component of Apple in the United States for providing media playback functions for devices. A resource management error vulnerability exists in Apple FairPlay due to a boundary condition within the FairPlay component in macOS. Vulnerabilities exist in the following product or version: macOS Big Sur 11.0.1.
The specific flaw exists within the FairplayIOKit kext. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-02-01-3 Additional information for
APPLE-SA-2021-01-26-2 tvOS 14.4
tvOS 14.4 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212149.
Analytics
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Entry added February 1, 2021
APFS
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
Entry added February 1, 2021
CoreAnimation
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
Entry added February 1, 2021
CoreGraphics
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
Entry added February 1, 2021
CoreMedia
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
Entry added February 1, 2021
CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro
Entry added February 1, 2021
CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state
management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro
Entry added February 1, 2021
FontParser
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-financial Light-Year Security Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Qi Sun of Trend Micro
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
IOSkywalkFamily
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba
Security
Entry added February 1, 2021
iTunes Store
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1764: Maxime Villard (m00nbsd)
Entry added February 1, 2021
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Entry added February 1, 2021
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Swift
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
Entry added February 1, 2021
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1801: Eliya Stein of Confiant
Entry added February 1, 2021
WebRTC
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Entry added February 1, 2021
Additional recognition
iTunes Store
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
Entry added February 1, 2021
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Store Demo
We would like to acknowledge @08Tc3wBB for their assistance.
Entry added February 1, 2021
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtcACgkQZcsbuWJ6
jjC2WQ//bJVyj/RBYwoj3boUw/SH7hZ+n6Ho3KPRZQE2XWZ0KSODHSoXOgaf5xX7
xWAf5vbOGdEueWj476hmlZZPediB7SJK6xEkvg3SKzZrc5+MlgRUjnrNd/qygi75
tPXjpkyIAHBY5Ik+uoSyxkLkCn3i50KFwtJCmyibl3ayb1XA2/jUA4FtQkhz3HrM
ZhMkBPOSObKkGiyj90eBNmeJRSwrxvBQPcp/EwqHbND+Y8UYAQ9ZDbHXWBVuDeRV
R1No2qLit0TCs6MZnVP2CKNprXMy/bHLlNeVYGGIu1W+qQ3I30XvlY69VcH6JdVF
xz6JIiXAJoOYDUFzesY2b8kMe7jiZnnDK+gWHeodV4oirsImITTlGY4gdiGb30Ag
2XDFpGedK0g+fD+SKI0lCOColTi6IEtTRm4/0ClI0HMc0akJn3qZXOz+iXzTZCa3
tssd6H2lZAW98GmsnMazUdEyGR+9I9RSvaJkLNOBxgDG+NURoTJ6vxHH2B3DYb/+
i+blVGMt7EBIZNwloOR8Fc+Ho5YTCFIwSxeqUzS9Vw53Bx7qA0AVd6CPPJSctWZ0
WKg1N3iW+dBWLWr43idEUNgUADL8Ya35Q6EwW+FxMHLwS11d7xA24AT14vJyi+4w
ftTKFGZsNaUGMo2dCZNUnyC23xv3R8GYso0jc3DL4e1pAmeW2Rk=0JBx
-----END PGP SIGNATURE-----
| VAR-202104-0626 | CVE-2021-1745 | Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. There is a resource management error vulnerability in the Apple IO Model, which originates from the boundary condition when handling USB files in the Model I/O component in macOS. A local user could insert a specially crafted USB drive, trigger an out-of-bounds read error and crash the system. Information
about the security content is also available at
https://support.apple.com/HT212147.
CVE-2021-1761: Cees Elzinga
APFS
Available for: macOS Big Sur 11.0.1
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
CFNetwork Cache
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team
CoreAnimation
Available for: macOS Big Sur 11.0.1
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
CoreAudio
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
CoreMedia
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Crash Reporter
Available for: macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Crash Reporter
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Directory Utility
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to access private
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing
Endpoint Security
Available for: macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response
Center
FairPlay
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro
FontParser
Available for: macOS Mojave 10.14.6
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab
FontParser
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light-
Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1766: Danny Rosseau of Carve Systems
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant
Security Light-Year Lab
CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1738: Lei Sun
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
IOKit
Available for: macOS Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A logic error in kext loading was addressed with
improved state handling.
CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security
IOSkywalkFamily
Available for: macOS Big Sur 11.0.1
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security,
Proteas
Kernel
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Kernel
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Login Window
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: An attacker in a privileged network position may be able to
bypass authentication policy
Description: An authentication issue was addressed with improved
state management.
CVE-2020-29633: Jewel Lambert of Original Spin, LLC.
CVE-2021-1762: Mickey Jin of Trend Micro
Model I/O
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
NetFSFramework
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-25709
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan
Screen Sharing
Available for: macOS Big Sur 11.0.1
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2019-20838
CVE-2020-14155
SQLite
Available for: macOS Catalina 10.15.7
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Swift
Available for: macOS Big Sur 11.0.1
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1765: Eliya Stein of Confiant
CVE-2021-1801: Eliya Stein of Confiant
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
WebKit
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: macOS Big Sur 11.0.1
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Additional recognition
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Login Window
We would like to acknowledge Jose Moises Romero-Villanueva of
CrySolve for their assistance.
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Screen Sharing Server
We would like to acknowledge @gorelics for their assistance.
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgrkACgkQZcsbuWJ6
jjATvhAAmcspGY8ZHJcSUGr9mysz5iT9oGkZcvFa8kcJsFAvFb9Wjz0M2eovBXQc
D9bD7LrUpodiqkSobB4bEevpD9P8E/T/eRSBxjomKLv5DKHPT4eh/K2EU6R6ubVi
GGNlT9DJrIxcTJIB2y/yfs8msV2w2/gZDLKJZP4Zh6t8G1sjI17iEaxpOph67aq2
X0d+P7+7q1mUBa47JEQ+HIUNlfHtBL825cnmHD2Vn1WELQLKZfXBl+nPM9l9naRc
3vYIvR7xJ5c4bqFx7N9xwGdQ5TRIoDijqADwggGwOZEiVZ7PWifj/iCLUz4Ks4hr
oGVE1UxN1oSX63D44ZQyfiyIWIiMtDV9V4J6mUoUnZ6RTTMoRRAF9DcSVF5/wmHk
odYnMeouHc543ZyVBtdtwJ/tbuBvTOjzpNn0+UgiyRL9wG/xxQq+gB4vwgSEviek
bBhyvdxLVWW0ULwFeN5rI5bCQBkv6BB9OSyhD6sMRrp59NAgBBS2nstZG1RAt7XL
2KZ1GpoNcuDRLj7ElxAfeJuPM1dFVTK48SH56M1FElz/QowZVOXyKgUoaeVTUyAC
3WOACmFAosFIclCbr8z8yGynX2bsCGBNKv4pKoHlyZCyFHCQw9L6uR2gRkOp86+M
iqHtE2L1WUZvUMCIKxfdixILEfoacSVCxr3+v4SSDOcEbSDYEIA=
=mUkG
-----END PGP SIGNATURE-----
.
CVE-2021-1782: an anonymous researcher
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2021-1753: Mickey Jin of Trend Micro
Entry added February 1, 2021
Phone Keypad
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: A lock screen issue allowed access to contacts on a
locked device
| VAR-202104-0609 | CVE-2021-1786 | Apple CrashReporter Authorization problem vulnerability |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files. An authorization issue vulnerability exists in Apple Crash Reporter where the application does not properly enforce security restrictions within the Crash Reporter component of macOS. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-02-01-3 Additional information for
APPLE-SA-2021-01-26-2 tvOS 14.4
tvOS 14.4 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212149.
Analytics
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Entry added February 1, 2021
APFS
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
Entry added February 1, 2021
CoreAnimation
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
Entry added February 1, 2021
CoreGraphics
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
Entry added February 1, 2021
CoreMedia
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
Entry added February 1, 2021
CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro
Entry added February 1, 2021
CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state
management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1787: James Hutchins
Entry added February 1, 2021
FairPlay
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro
Entry added February 1, 2021
FontParser
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-financial Light-Year Security Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Qi Sun of Trend Micro
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
IOSkywalkFamily
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba
Security
Entry added February 1, 2021
iTunes Store
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1764: Maxime Villard (m00nbsd)
Entry added February 1, 2021
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Entry added February 1, 2021
Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Swift
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
Entry added February 1, 2021
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1801: Eliya Stein of Confiant
Entry added February 1, 2021
WebRTC
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Entry added February 1, 2021
Additional recognition
iTunes Store
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
Entry added February 1, 2021
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Store Demo
We would like to acknowledge @08Tc3wBB for their assistance.
Entry added February 1, 2021
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtcACgkQZcsbuWJ6
jjC2WQ//bJVyj/RBYwoj3boUw/SH7hZ+n6Ho3KPRZQE2XWZ0KSODHSoXOgaf5xX7
xWAf5vbOGdEueWj476hmlZZPediB7SJK6xEkvg3SKzZrc5+MlgRUjnrNd/qygi75
tPXjpkyIAHBY5Ik+uoSyxkLkCn3i50KFwtJCmyibl3ayb1XA2/jUA4FtQkhz3HrM
ZhMkBPOSObKkGiyj90eBNmeJRSwrxvBQPcp/EwqHbND+Y8UYAQ9ZDbHXWBVuDeRV
R1No2qLit0TCs6MZnVP2CKNprXMy/bHLlNeVYGGIu1W+qQ3I30XvlY69VcH6JdVF
xz6JIiXAJoOYDUFzesY2b8kMe7jiZnnDK+gWHeodV4oirsImITTlGY4gdiGb30Ag
2XDFpGedK0g+fD+SKI0lCOColTi6IEtTRm4/0ClI0HMc0akJn3qZXOz+iXzTZCa3
tssd6H2lZAW98GmsnMazUdEyGR+9I9RSvaJkLNOBxgDG+NURoTJ6vxHH2B3DYb/+
i+blVGMt7EBIZNwloOR8Fc+Ho5YTCFIwSxeqUzS9Vw53Bx7qA0AVd6CPPJSctWZ0
WKg1N3iW+dBWLWr43idEUNgUADL8Ya35Q6EwW+FxMHLwS11d7xA24AT14vJyi+4w
ftTKFGZsNaUGMo2dCZNUnyC23xv3R8GYso0jc3DL4e1pAmeW2Rk=0JBx
-----END PGP SIGNATURE-----
| VAR-202104-0604 | CVE-2021-1767 | Apple macOS ModelIO USD Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Apple IO Model is a module of Apple (Apple) for processing IO operations. A code issue vulnerability exists in Apple macOS that arises from a boundary error within the Model I/O component in macOS. A remote attacker could deliver a specially crafted file, trick the victim into opening the file, trigger a heap-based buffer overflow and execute arbitrary code on the target system. Vulnerabilities exist in the following products or versions: macOS 10.3, macOS 10.12.4, macOS 10.12.5, macOS 10.12.6, macOS 10.12.6.2, macOS 10.13, macOS 10.13.1, macOS 10.13.2, macOS 10.13.3, macOS 10.13 .4, macOS 10.13.5, macOS 10.13.6, macOS 10.14, macOS 10.14.1, macOS 10.14.2, macOS 10.14.3, macOS 10.14.4, macOS 10.14.5, macOS 10.14.6, macOS 10.15, macOS 10.15 SU1, macOS 10.15.1, macOS 10.15.2, macOS 10.15.3, macOS 10.15.4, macOS 10.15.4 SU1, macOS 10.15.5, macOS 10.15.5 SU1, macOS 10.15.6, macOS 10.15.6 SU1 , macOS 10.15.7, macOS 10.15.7 SU1, macOS 11.0, macOS 11.0.1, macOS 11.1. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-02-01-2 Additional information for
APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4
iOS 14.4 and iPadOS 14.4 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212146.
Analytics
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Entry added February 1, 2021
APFS
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1794: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1795: Jianjun Dai of 360 Alpha Lab
CVE-2021-1796: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1780: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
CoreAnimation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
CoreAudio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
Entry added February 1, 2021
CoreGraphics
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
Entry added February 1, 2021
CoreMedia
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
Entry added February 1, 2021
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro
Entry added February 1, 2021
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state
management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1787: James Hutchins
Entry added February 1, 2021
FairPlay
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro
Entry added February 1, 2021
FontParser
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Qi Sun of Trend Micro
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
IOSkywalkFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba
Security
Entry added February 1, 2021
iTunes Store
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1764: Maxime Villard (@m00nbsd)
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1763: Mickey Jin of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1753: Mickey Jin of Trend Micro
Entry added February 1, 2021
Phone Keypad
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: A lock screen issue allowed access to contacts on a
locked device.
CVE-2021-1756: Ryan Pickren (ryanpickren.com)
Entry added February 1, 2021
Swift
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1801: Eliya Stein of Confiant
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Entry added February 1, 2021
Additional recognition
iTunes Store
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
Entry added February 1, 2021
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Mail
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and
an anonymous researcher for their assistance.
Entry added February 1, 2021
Store Demo
We would like to acknowledge @08Tc3wBB for their assistance.
Entry added February 1, 2021
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
Entry added February 1, 2021
Wi-Fi
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added February 1, 2021
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtAACgkQZcsbuWJ6
jjCK6g//dClC7Zq+dOqvuwvDa1ZMQ/R7pmp9qn2jFQsN41sf3JXSUT5AT2qhkB+W
BvfgNl4JEAhdFigcuChzNWjrtQjT30Iqu/mPKF9zh8FRi5Uc0Z+UDAS4QAJcYmBl
naDKY9u0SIyzxyvoK2AhfnbgAy7xsICNUiPFIV3sLS20NnKaItd/zBVCsgiMnpXD
lXBJJfoJZcKzUxsHVGuh3DU9FgyS0Ypo8EAuZTPT511rco7nAqQ+RY5s8DRZ91Up
BWoFQezmVQmxHGA2rwJH+RgSUOUywCNi/xLinAdNq8en4db8UtSmUcQHqaFgybBk
bfWN3apPFq7vKCPbW8NI4JPBeP4WhORGH1V2jgJV8DM8Lod/Uh1yJrcZ5a4FxwCO
VZKROL2UwE8T3tNYNlYoIr83FKVeMxnYhEP+xSSM3iZGtIflkcO3UtfitJlV0U26
RCavBUyxJV1aqb/3ic/WwLco7jBeOEIUkoZq7djyo8K1LrVSxZvBAUveV+Y2qvz3
UrbdDeTaTqDZ+rgQjOTcMJsvLHwzcrD8DdhgAMt9FAsVZ+dxSsqrMBNxhtc5uRyf
bSTDyJc4epsC5S6IrjHaePdnv65tuIjC/JYmBvdshtp5j3aUnJUGWPhWuuhDLIjh
oxMn01QVy9KvVSQs3kqot8Ai8e1hXGnzwDUHEqPQLYzEi77v8HU=
=WL5N
-----END PGP SIGNATURE-----
| VAR-202104-0605 | CVE-2021-1768 | plural Apple Product out-of-bounds read vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. plural Apple The product contains an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. There is a security vulnerability in Apple macOS, which originates from the handling of USB files in the Model I/O component in macOS due to boundary conditions. A local user could insert a specially crafted USB drive, trigger an out-of-bounds read error and crash the system. Vulnerabilities exist in the following products or versions: macOS 10.3, macOS 10.12.4, macOS 10.12.5, macOS 10.12.6, macOS 10.12.6.2, macOS 10.13, macOS 10.13.1, macOS 10.13.2, macOS 10.13.3, macOS 10.13 .4, macOS 10.13.5, macOS 10.13.6, macOS 10.14, macOS 10.14.1, macOS 10.14.2, macOS 10.14.3, macOS 10.14.4, macOS 10.14.5, macOS 10.14.6, macOS 10.15, macOS 10.15 SU1, macOS 10.15.1, macOS 10.15.2, macOS 10.15.3, macOS 10.15.4, macOS 10.15.4 SU1, macOS 10.15.5, macOS 10.15.5 SU1, macOS 10.15.6, macOS 10.15.6 SU1 , macOS 10.15.7, macOS 10.15.7 SU1, macOS 11.0, macOS 11.0.1, macOS 11.1. Apple macOS could allow a remote malicious user to execute arbitrary code on the system, caused by an out-of-bounds read in the Model I/O component. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-02-01-2 Additional information for
APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4
iOS 14.4 and iPadOS 14.4 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212146.
Analytics
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Entry added February 1, 2021
APFS
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1794: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1795: Jianjun Dai of 360 Alpha Lab
CVE-2021-1796: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1780: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
CoreAnimation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
CoreAudio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
Entry added February 1, 2021
CoreGraphics
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
Entry added February 1, 2021
CoreMedia
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
Entry added February 1, 2021
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro
Entry added February 1, 2021
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state
management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1787: James Hutchins
Entry added February 1, 2021
FairPlay
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro
Entry added February 1, 2021
FontParser
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Qi Sun of Trend Micro
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
IOSkywalkFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba
Security
Entry added February 1, 2021
iTunes Store
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1764: Maxime Villard (@m00nbsd)
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1763: Mickey Jin of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1753: Mickey Jin of Trend Micro
Entry added February 1, 2021
Phone Keypad
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: A lock screen issue allowed access to contacts on a
locked device.
CVE-2021-1756: Ryan Pickren (ryanpickren.com)
Entry added February 1, 2021
Swift
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1801: Eliya Stein of Confiant
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Entry added February 1, 2021
Additional recognition
iTunes Store
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
Entry added February 1, 2021
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Mail
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and
an anonymous researcher for their assistance.
Entry added February 1, 2021
Store Demo
We would like to acknowledge @08Tc3wBB for their assistance.
Entry added February 1, 2021
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
Entry added February 1, 2021
Wi-Fi
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added February 1, 2021
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtAACgkQZcsbuWJ6
jjCK6g//dClC7Zq+dOqvuwvDa1ZMQ/R7pmp9qn2jFQsN41sf3JXSUT5AT2qhkB+W
BvfgNl4JEAhdFigcuChzNWjrtQjT30Iqu/mPKF9zh8FRi5Uc0Z+UDAS4QAJcYmBl
naDKY9u0SIyzxyvoK2AhfnbgAy7xsICNUiPFIV3sLS20NnKaItd/zBVCsgiMnpXD
lXBJJfoJZcKzUxsHVGuh3DU9FgyS0Ypo8EAuZTPT511rco7nAqQ+RY5s8DRZ91Up
BWoFQezmVQmxHGA2rwJH+RgSUOUywCNi/xLinAdNq8en4db8UtSmUcQHqaFgybBk
bfWN3apPFq7vKCPbW8NI4JPBeP4WhORGH1V2jgJV8DM8Lod/Uh1yJrcZ5a4FxwCO
VZKROL2UwE8T3tNYNlYoIr83FKVeMxnYhEP+xSSM3iZGtIflkcO3UtfitJlV0U26
RCavBUyxJV1aqb/3ic/WwLco7jBeOEIUkoZq7djyo8K1LrVSxZvBAUveV+Y2qvz3
UrbdDeTaTqDZ+rgQjOTcMJsvLHwzcrD8DdhgAMt9FAsVZ+dxSsqrMBNxhtc5uRyf
bSTDyJc4epsC5S6IrjHaePdnv65tuIjC/JYmBvdshtp5j3aUnJUGWPhWuuhDLIjh
oxMn01QVy9KvVSQs3kqot8Ai8e1hXGnzwDUHEqPQLYzEi77v8HU=
=WL5N
-----END PGP SIGNATURE-----
| VAR-202104-0600 | CVE-2021-1763 | Apple macOS ModelIO USD Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. An input validation error vulnerability exists in the Apple IO Model, which originates from the handling of untrusted input in the Model I/O component of macOS. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-02-01-2 Additional information for
APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4
iOS 14.4 and iPadOS 14.4 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212146.
Analytics
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Entry added February 1, 2021
APFS
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1794: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1795: Jianjun Dai of 360 Alpha Lab
CVE-2021-1796: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1780: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
CoreAnimation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
CoreAudio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
Entry added February 1, 2021
CoreGraphics
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
Entry added February 1, 2021
CoreMedia
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
Entry added February 1, 2021
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro
Entry added February 1, 2021
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state
management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1787: James Hutchins
Entry added February 1, 2021
FairPlay
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro
Entry added February 1, 2021
FontParser
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Qi Sun of Trend Micro
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
IOSkywalkFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba
Security
Entry added February 1, 2021
iTunes Store
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1764: Maxime Villard (@m00nbsd)
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1763: Mickey Jin of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1753: Mickey Jin of Trend Micro
Entry added February 1, 2021
Phone Keypad
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: A lock screen issue allowed access to contacts on a
locked device.
CVE-2021-1756: Ryan Pickren (ryanpickren.com)
Entry added February 1, 2021
Swift
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1801: Eliya Stein of Confiant
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Entry added February 1, 2021
Additional recognition
iTunes Store
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
Entry added February 1, 2021
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Mail
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and
an anonymous researcher for their assistance.
Entry added February 1, 2021
Store Demo
We would like to acknowledge @08Tc3wBB for their assistance.
Entry added February 1, 2021
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
Entry added February 1, 2021
Wi-Fi
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added February 1, 2021
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtAACgkQZcsbuWJ6
jjCK6g//dClC7Zq+dOqvuwvDa1ZMQ/R7pmp9qn2jFQsN41sf3JXSUT5AT2qhkB+W
BvfgNl4JEAhdFigcuChzNWjrtQjT30Iqu/mPKF9zh8FRi5Uc0Z+UDAS4QAJcYmBl
naDKY9u0SIyzxyvoK2AhfnbgAy7xsICNUiPFIV3sLS20NnKaItd/zBVCsgiMnpXD
lXBJJfoJZcKzUxsHVGuh3DU9FgyS0Ypo8EAuZTPT511rco7nAqQ+RY5s8DRZ91Up
BWoFQezmVQmxHGA2rwJH+RgSUOUywCNi/xLinAdNq8en4db8UtSmUcQHqaFgybBk
bfWN3apPFq7vKCPbW8NI4JPBeP4WhORGH1V2jgJV8DM8Lod/Uh1yJrcZ5a4FxwCO
VZKROL2UwE8T3tNYNlYoIr83FKVeMxnYhEP+xSSM3iZGtIflkcO3UtfitJlV0U26
RCavBUyxJV1aqb/3ic/WwLco7jBeOEIUkoZq7djyo8K1LrVSxZvBAUveV+Y2qvz3
UrbdDeTaTqDZ+rgQjOTcMJsvLHwzcrD8DdhgAMt9FAsVZ+dxSsqrMBNxhtc5uRyf
bSTDyJc4epsC5S6IrjHaePdnv65tuIjC/JYmBvdshtp5j3aUnJUGWPhWuuhDLIjh
oxMn01QVy9KvVSQs3kqot8Ai8e1hXGnzwDUHEqPQLYzEi77v8HU=
=WL5N
-----END PGP SIGNATURE-----
| VAR-202104-0602 | CVE-2021-1765 | Pillow Buffer error vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. A security vulnerability exists in Apple macOS due to applications not properly implementing the enforced boxing policy in WebKit. A remote attacker could create a specially crafted web page that would lure a victim to visit it and bypass implemented security restrictions. Vulnerabilities exist in the following products or versions: macOS 11.0, macOS 11.0.1, macOS 11.1. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update
Advisory ID: RHSA-2021:4381-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381
Issue date: 2021-11-09
CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918
CVE-2020-29623 CVE-2020-36241 CVE-2021-1765
CVE-2021-1788 CVE-2021-1789 CVE-2021-1799
CVE-2021-1801 CVE-2021-1844 CVE-2021-1870
CVE-2021-1871 CVE-2021-21775 CVE-2021-21779
CVE-2021-21806 CVE-2021-28650 CVE-2021-30663
CVE-2021-30665 CVE-2021-30682 CVE-2021-30689
CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795
CVE-2021-30797 CVE-2021-30799
====================================================================
1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm
(40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to
arbitrary code execution (CVE-2020-13558)
* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in
identify.cpp (CVE-2020-24870)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2020-27918)
* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-1788)
* webkitgtk: Type confusion issue leading to arbitrary code execution
(CVE-2021-1789)
* webkitgtk: Access to restricted ports on arbitrary servers via port
redirection (CVE-2021-1799)
* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-1844)
* webkitgtk: Logic issue leading to arbitrary code execution
(CVE-2021-1870)
* webkitgtk: Logic issue leading to arbitrary code execution
(CVE-2021-1871)
* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent
leading to information leak and possibly code execution (CVE-2021-21775)
* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to
information leak and possibly code execution (CVE-2021-21779)
* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code
execution (CVE-2021-21806)
* webkitgtk: Integer overflow leading to arbitrary code execution
(CVE-2021-30663)
* webkitgtk: Memory corruption leading to arbitrary code execution
(CVE-2021-30665)
* webkitgtk: Logic issue leading to leak of sensitive user information
(CVE-2021-30682)
* webkitgtk: Logic issue leading to universal cross site scripting attack
(CVE-2021-30689)
* webkitgtk: Logic issue allowing access to restricted ports on arbitrary
servers (CVE-2021-30720)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30734)
* webkitgtk: Cross-origin issue with iframe elements leading to universal
cross site scripting attack (CVE-2021-30744)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30749)
* webkitgtk: Type confusion leading to arbitrary code execution
(CVE-2021-30758)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-30795)
* webkitgtk: Insufficient checks leading to arbitrary code execution
(CVE-2021-30797)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30799)
* webkitgtk: User may be unable to fully delete browsing history
(CVE-2020-29623)
* gnome-autoar: Directory traversal via directory symbolic links pointing
outside of the destination directory (CVE-2020-36241)
* gnome-autoar: Directory traversal via directory symbolic links pointing
outside of the destination directory (incomplete CVE-2020-36241 fix)
(CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session
must be restarted (log out, then log back in) for this update to take
effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time
1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)
1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop
1813727 - Files copied from NFS4 to Desktop can't be opened
1854679 - [RFE] Disable left edge gesture
1873297 - Gnome-software coredumps when run as root in terminal
1873488 - GTK3 prints errors with overlay scrollbar disabled
1888404 - Updates page hides ongoing updates on refresh
1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3.
1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ...
1904139 - Automatic Logout Feature not working
1905000 - Desktop refresh broken after unlock
1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release
1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot
1924725 - [Wayland] Double-touch desktop icons fails sometimes
1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login
1937416 - Rebase WebKitGTK to 2.32
1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]
1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0]
1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)
1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution
1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history
1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation
1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution
1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection
1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation
1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution
1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution
1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution
1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution
1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH
1951086 - Disable the Facebook provider
1952136 - Disable the Foursquare provider
1955754 - gnome-session kiosk-session support still isn't up to muster
1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide
1960705 - Vino nonfunctional in FIPS mode
1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V
1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens
1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831'
1972545 - flatpak: Prefer runtime from the same origin as the application
1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent
1978505 - Gnome Software development package is missing important header files.
1978612 - pt_BR translations for "Register System" panel
1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up.
1981420 - Improve style of overview close buttons
1986863 - CVE-2021-21775 webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
1986866 - CVE-2021-21779 webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution
1986872 - CVE-2021-30663 webkitgtk: Integer overflow leading to arbitrary code execution
1986874 - CVE-2021-30665 webkitgtk: Memory corruption leading to arbitrary code execution
1986879 - CVE-2021-30682 webkitgtk: Logic issue leading to leak of sensitive user information
1986881 - CVE-2021-30689 webkitgtk: Logic issue leading to universal cross site scripting attack
1986883 - CVE-2021-30720 webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers
1986886 - CVE-2021-30734 webkitgtk: Memory corruptions leading to arbitrary code execution
1986888 - CVE-2021-30744 webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack
1986890 - CVE-2021-30749 webkitgtk: Memory corruptions leading to arbitrary code execution
1986892 - CVE-2021-30758 webkitgtk: Type confusion leading to arbitrary code execution
1986900 - CVE-2021-30795 webkitgtk: Use-after-free leading to arbitrary code execution
1986902 - CVE-2021-30797 webkitgtk: Insufficient checks leading to arbitrary code execution
1986906 - CVE-2021-30799 webkitgtk: Memory corruptions leading to arbitrary code execution
1987233 - [RHEL8.5]Login screen shows dots when entering username
1989035 - terminal don't redraw if partially off screen
1998989 - [RHEL8.5] [Hyper-V]Cannot display GUI after installed RHEL8.5 recent build
1999120 - Gnome file manager crashes Xwayland/Desktop on drag/drop of files
2004170 - Unable to login to session via xdmcp
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
LibRaw-0.19.5-3.el8.src.rpm
accountsservice-0.6.55-2.el8.src.rpm
gdm-40.0-15.el8.src.rpm
gnome-autoar-0.2.3-2.el8.src.rpm
gnome-calculator-3.28.2-2.el8.src.rpm
gnome-control-center-3.28.2-28.el8.src.rpm
gnome-online-accounts-3.28.2-3.el8.src.rpm
gnome-session-3.28.1-13.el8.src.rpm
gnome-settings-daemon-3.32.0-16.el8.src.rpm
gnome-shell-3.32.2-40.el8.src.rpm
gnome-shell-extensions-3.32.1-20.el8.src.rpm
gnome-software-3.36.1-10.el8.src.rpm
gtk3-3.22.30-8.el8.src.rpm
mutter-3.32.2-60.el8.src.rpm
vino-3.22.0-11.el8.src.rpm
webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64:
accountsservice-0.6.55-2.el8.aarch64.rpm
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gdm-40.0-15.el8.aarch64.rpm
gdm-debuginfo-40.0-15.el8.aarch64.rpm
gdm-debugsource-40.0-15.el8.aarch64.rpm
gnome-autoar-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm
gnome-calculator-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm
gnome-control-center-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm
gnome-online-accounts-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm
gnome-session-3.28.1-13.el8.aarch64.rpm
gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm
gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm
gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm
gnome-session-xsession-3.28.1-13.el8.aarch64.rpm
gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm
gnome-shell-3.32.2-40.el8.aarch64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm
gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm
gnome-software-3.36.1-10.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm
gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-3.22.30-8.el8.aarch64.rpm
gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-debugsource-3.22.30-8.el8.aarch64.rpm
gtk3-devel-3.22.30-8.el8.aarch64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm
mutter-3.32.2-60.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
vino-3.22.0-11.el8.aarch64.rpm
vino-debuginfo-3.22.0-11.el8.aarch64.rpm
vino-debugsource-3.22.0-11.el8.aarch64.rpm
webkit2gtk3-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch:
gnome-classic-session-3.32.1-20.el8.noarch.rpm
gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le:
LibRaw-0.19.5-3.el8.ppc64le.rpm
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-0.6.55-2.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gdm-40.0-15.el8.ppc64le.rpm
gdm-debuginfo-40.0-15.el8.ppc64le.rpm
gdm-debugsource-40.0-15.el8.ppc64le.rpm
gnome-autoar-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm
gnome-calculator-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm
gnome-control-center-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm
gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm
gnome-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm
gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm
gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm
gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm
gnome-shell-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm
gnome-software-3.36.1-10.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm
gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-3.22.30-8.el8.ppc64le.rpm
gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm
mutter-3.32.2-60.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
vino-3.22.0-11.el8.ppc64le.rpm
vino-debuginfo-3.22.0-11.el8.ppc64le.rpm
vino-debugsource-3.22.0-11.el8.ppc64le.rpm
webkit2gtk3-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x:
accountsservice-0.6.55-2.el8.s390x.rpm
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-libs-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gdm-40.0-15.el8.s390x.rpm
gdm-debuginfo-40.0-15.el8.s390x.rpm
gdm-debugsource-40.0-15.el8.s390x.rpm
gnome-autoar-0.2.3-2.el8.s390x.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm
gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm
gnome-calculator-3.28.2-2.el8.s390x.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm
gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm
gnome-control-center-3.28.2-28.el8.s390x.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm
gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm
gnome-online-accounts-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm
gnome-session-3.28.1-13.el8.s390x.rpm
gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm
gnome-session-debugsource-3.28.1-13.el8.s390x.rpm
gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm
gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm
gnome-session-xsession-3.28.1-13.el8.s390x.rpm
gnome-settings-daemon-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm
gnome-shell-3.32.2-40.el8.s390x.rpm
gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm
gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm
gnome-software-3.36.1-10.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm
gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-3.22.30-8.el8.s390x.rpm
gtk3-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-debugsource-3.22.30-8.el8.s390x.rpm
gtk3-devel-3.22.30-8.el8.s390x.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm
mutter-3.32.2-60.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
vino-3.22.0-11.el8.s390x.rpm
vino-debuginfo-3.22.0-11.el8.s390x.rpm
vino-debugsource-3.22.0-11.el8.s390x.rpm
webkit2gtk3-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64:
LibRaw-0.19.5-3.el8.i686.rpm
LibRaw-0.19.5-3.el8.x86_64.rpm
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-0.6.55-2.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-0.6.55-2.el8.i686.rpm
accountsservice-libs-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gdm-40.0-15.el8.i686.rpm
gdm-40.0-15.el8.x86_64.rpm
gdm-debuginfo-40.0-15.el8.i686.rpm
gdm-debuginfo-40.0-15.el8.x86_64.rpm
gdm-debugsource-40.0-15.el8.i686.rpm
gdm-debugsource-40.0-15.el8.x86_64.rpm
gnome-autoar-0.2.3-2.el8.i686.rpm
gnome-autoar-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm
gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm
gnome-calculator-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm
gnome-control-center-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm
gnome-online-accounts-3.28.2-3.el8.i686.rpm
gnome-online-accounts-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm
gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm
gnome-session-3.28.1-13.el8.x86_64.rpm
gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm
gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm
gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm
gnome-session-xsession-3.28.1-13.el8.x86_64.rpm
gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm
gnome-shell-3.32.2-40.el8.x86_64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm
gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.x86_64.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm
gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-3.22.30-8.el8.i686.rpm
gtk3-3.22.30-8.el8.x86_64.rpm
gtk3-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-debugsource-3.22.30-8.el8.i686.rpm
gtk3-debugsource-3.22.30-8.el8.x86_64.rpm
gtk3-devel-3.22.30-8.el8.i686.rpm
gtk3-devel-3.22.30-8.el8.x86_64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm
mutter-3.32.2-60.el8.i686.rpm
mutter-3.32.2-60.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
vino-3.22.0-11.el8.x86_64.rpm
vino-debuginfo-3.22.0-11.el8.x86_64.rpm
vino-debugsource-3.22.0-11.el8.x86_64.rpm
webkit2gtk3-2.32.3-2.el8.i686.rpm
webkit2gtk3-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64:
gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le:
gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x:
gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64:
gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-devel-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gnome-software-devel-3.36.1-10.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-devel-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le:
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-devel-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-devel-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gnome-software-devel-3.36.1-10.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-devel-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x:
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-devel-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gnome-software-devel-3.36.1-10.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-devel-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64:
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-devel-0.19.5-3.el8.i686.rpm
LibRaw-devel-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-devel-0.6.55-2.el8.i686.rpm
accountsservice-devel-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.i686.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gnome-software-devel-3.36.1-10.el8.i686.rpm
gnome-software-devel-3.36.1-10.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-devel-3.32.2-60.el8.i686.rpm
mutter-devel-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-13558
https://access.redhat.com/security/cve/CVE-2020-24870
https://access.redhat.com/security/cve/CVE-2020-27918
https://access.redhat.com/security/cve/CVE-2020-29623
https://access.redhat.com/security/cve/CVE-2020-36241
https://access.redhat.com/security/cve/CVE-2021-1765
https://access.redhat.com/security/cve/CVE-2021-1788
https://access.redhat.com/security/cve/CVE-2021-1789
https://access.redhat.com/security/cve/CVE-2021-1799
https://access.redhat.com/security/cve/CVE-2021-1801
https://access.redhat.com/security/cve/CVE-2021-1844
https://access.redhat.com/security/cve/CVE-2021-1870
https://access.redhat.com/security/cve/CVE-2021-1871
https://access.redhat.com/security/cve/CVE-2021-21775
https://access.redhat.com/security/cve/CVE-2021-21779
https://access.redhat.com/security/cve/CVE-2021-21806
https://access.redhat.com/security/cve/CVE-2021-28650
https://access.redhat.com/security/cve/CVE-2021-30663
https://access.redhat.com/security/cve/CVE-2021-30665
https://access.redhat.com/security/cve/CVE-2021-30682
https://access.redhat.com/security/cve/CVE-2021-30689
https://access.redhat.com/security/cve/CVE-2021-30720
https://access.redhat.com/security/cve/CVE-2021-30734
https://access.redhat.com/security/cve/CVE-2021-30744
https://access.redhat.com/security/cve/CVE-2021-30749
https://access.redhat.com/security/cve/CVE-2021-30758
https://access.redhat.com/security/cve/CVE-2021-30795
https://access.redhat.com/security/cve/CVE-2021-30797
https://access.redhat.com/security/cve/CVE-2021-30799
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E
awNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3
05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7
sTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7
tEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ
w+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD
Migcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5
QnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T
qji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu
SToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb
Z6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX
2rgR2Ny0wo4=gfrM
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* mig-controller: incorrect namespaces handling may lead to not authorized
usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications
2021666 - Route name longer than 63 characters causes direct volume migration to fail
2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes
2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image
2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console
2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout
2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error
2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource
2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202104-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: April 30, 2021
Bugs: #770793, #773193
ID: 202104-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.30.6 >= 2.30.6
Description
===========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.6"
References
==========
[ 1 ] CVE-2020-13558
https://nvd.nist.gov/vuln/detail/CVE-2020-13558
[ 2 ] CVE-2020-27918
https://nvd.nist.gov/vuln/detail/CVE-2020-27918
[ 3 ] CVE-2020-29623
https://nvd.nist.gov/vuln/detail/CVE-2020-29623
[ 4 ] CVE-2020-9947
https://nvd.nist.gov/vuln/detail/CVE-2020-9947
[ 5 ] CVE-2021-1765
https://nvd.nist.gov/vuln/detail/CVE-2021-1765
[ 6 ] CVE-2021-1789
https://nvd.nist.gov/vuln/detail/CVE-2021-1789
[ 7 ] CVE-2021-1799
https://nvd.nist.gov/vuln/detail/CVE-2021-1799
[ 8 ] CVE-2021-1801
https://nvd.nist.gov/vuln/detail/CVE-2021-1801
[ 9 ] CVE-2021-1870
https://nvd.nist.gov/vuln/detail/CVE-2021-1870
[ 10 ] WSA-2021-0001
https://webkitgtk.org/security/WSA-2021-0001.html
[ 11 ] WSA-2021-0002
https://webkitgtk.org/security/WSA-2021-0002.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202104-03
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4877-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
March 27, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789
CVE-2021-1799 CVE-2021-1801 CVE-2021-1870
The following vulnerabilities have been discovered in the webkit2gtk
web engine:
CVE-2020-27918
Liu Long discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
CVE-2020-29623
Simon Hunt discovered that users may be unable to fully delete
their browsing history under some circumstances.
CVE-2021-1799
Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a
malicious website may be able to access restricted ports on
arbitrary servers.
For the stable distribution (buster), these problems have been fixed in
version 2.30.6-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmBe0l1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S5hQ/8C2v1zUfBwSGNyQkeH/8SJ4P39FOtLS7uKAsBu24uFgQn0NJ2tITsGU+d
MvPT813PYFND7RRjwch+KVhxfj1py0JzxeizGNJf8B5qocfCLJn/cGzrxIqurxVC
eiwum9x49P9+kCBfiBBz3hTGiaVJa9HdgonauOhlxgVITYDqgE5Z5jTpKaM3lKQv
qa9CIrP0zaGdOVwY9PUMRNCxJ1i90cKNePLaIE/a1R4p7pwa5sR069uu94PGahQx
KDd8w0/3dFeQoQTALhvrkxdKCDgi4GWzCnB1KD2k4lZncPOrx0yGRx8H0lXO+MgN
6+0zg5EaG1bdk4aYoyYKTPIYPRVbJBpg9pisgJ+IL452P1F7zmaUq2vtSZMl7JIN
xwzxuMKAR7letp+Ji7HRb34rex7ni0bIMndDs1sBjesUK1C9c2gRUtj2uhRStS9a
0sqmVjCqGxaXzsKL+5AqJY8VYbPCXvxhoNGHzGA6SdFv/bj8l6FOpsrFguNhpFJ4
6QdvgvFuRo2fYXsfRhosyLH4XXfyf4XZiDC4zX6Z1/Ata4mPJCgbS/aoewEIarm5
Nw426CdjAtefXdeRbRd/VRmZPNriolXlYI11VxhM9xpmw0Ag75jq+meNF3+wi9G0
6m8OoG+6FhUc4UcLv/OiSFHZgy3eTP6wIqa/6FG1gh7wta2+sXM=
=IQ2D
-----END PGP SIGNATURE-----
| VAR-202104-0630 | CVE-2021-1750 | Apple Kernel Code problem vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. An application may be able to execute arbitrary code with kernel privileges. Apple Kernel is the kernel of the Apple device of Apple (Apple). A code issue vulnerability exists in the Apple Kernel, which arises from a logic error within the macOS kernel subsystem. Apple macOS could allow a local malicious user to gain elevated privileges on the system, caused by mutliple issues in the Kernel component. Information
about the security content is also available at
https://support.apple.com/HT212147.
CVE-2021-1761: Cees Elzinga
APFS
Available for: macOS Big Sur 11.0.1
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
CFNetwork Cache
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team
CoreAnimation
Available for: macOS Big Sur 11.0.1
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
CoreAudio
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
CoreMedia
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Crash Reporter
Available for: macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Crash Reporter
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Directory Utility
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to access private
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing
Endpoint Security
Available for: macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response
Center
FairPlay
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1790: Peter Nguyen Vu Hoang of STAR Labs
FontParser
Available for: macOS Mojave 10.14.6
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro
FontParser
Available for: macOS Mojave 10.14.6
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab
FontParser
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light-
Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1766: Danny Rosseau of Carve Systems
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant
Security Light-Year Lab
CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1738: Lei Sun
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
IOKit
Available for: macOS Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A logic error in kext loading was addressed with
improved state handling.
CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security
IOSkywalkFamily
Available for: macOS Big Sur 11.0.1
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1750: @0xalsr
Login Window
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: An attacker in a privileged network position may be able to
bypass authentication policy
Description: An authentication issue was addressed with improved
state management.
CVE-2020-29633: Jewel Lambert of Original Spin, LLC.
CVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)
Model I/O
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Model I/O
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
NetFSFramework
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-25709
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan
Screen Sharing
Available for: macOS Big Sur 11.0.1
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2020-15358
Swift
Available for: macOS Big Sur 11.0.1
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1765: Eliya Stein of Confiant
CVE-2021-1801: Eliya Stein of Confiant
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
WebKit
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: macOS Big Sur 11.0.1
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Additional recognition
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Login Window
We would like to acknowledge Jose Moises Romero-Villanueva of
CrySolve for their assistance.
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Screen Sharing Server
We would like to acknowledge @gorelics for their assistance.
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgrkACgkQZcsbuWJ6
jjATvhAAmcspGY8ZHJcSUGr9mysz5iT9oGkZcvFa8kcJsFAvFb9Wjz0M2eovBXQc
D9bD7LrUpodiqkSobB4bEevpD9P8E/T/eRSBxjomKLv5DKHPT4eh/K2EU6R6ubVi
GGNlT9DJrIxcTJIB2y/yfs8msV2w2/gZDLKJZP4Zh6t8G1sjI17iEaxpOph67aq2
X0d+P7+7q1mUBa47JEQ+HIUNlfHtBL825cnmHD2Vn1WELQLKZfXBl+nPM9l9naRc
3vYIvR7xJ5c4bqFx7N9xwGdQ5TRIoDijqADwggGwOZEiVZ7PWifj/iCLUz4Ks4hr
oGVE1UxN1oSX63D44ZQyfiyIWIiMtDV9V4J6mUoUnZ6RTTMoRRAF9DcSVF5/wmHk
odYnMeouHc543ZyVBtdtwJ/tbuBvTOjzpNn0+UgiyRL9wG/xxQq+gB4vwgSEviek
bBhyvdxLVWW0ULwFeN5rI5bCQBkv6BB9OSyhD6sMRrp59NAgBBS2nstZG1RAt7XL
2KZ1GpoNcuDRLj7ElxAfeJuPM1dFVTK48SH56M1FElz/QowZVOXyKgUoaeVTUyAC
3WOACmFAosFIclCbr8z8yGynX2bsCGBNKv4pKoHlyZCyFHCQw9L6uR2gRkOp86+M
iqHtE2L1WUZvUMCIKxfdixILEfoacSVCxr3+v4SSDOcEbSDYEIA=
=mUkG
-----END PGP SIGNATURE-----
.
CVE-2021-1782: an anonymous researcher
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2021-1753: Mickey Jin of Trend Micro
Entry added February 1, 2021
Phone Keypad
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: A lock screen issue allowed access to contacts on a
locked device
| VAR-202104-0597 | CVE-2021-1759 | Apple CoreMedia Buffer error vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. A resource management error vulnerability exists in Apple CoreMedia that exists due to a boundary condition within the CoreMedia component in macOS. A remote attacker could create a specially crafted image, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system. Vulnerabilities exist in the following product or version: macOS Big Sur 11.0.1. Apple macOS could allow a remote malicious user to execute arbitrary code on the system, caused by an out-of-bounds read in the CoreMedia component. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-02-01-2 Additional information for
APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4
iOS 14.4 and iPadOS 14.4 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212146.
Analytics
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Entry added February 1, 2021
APFS
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1794: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1795: Jianjun Dai of 360 Alpha Lab
CVE-2021-1796: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1780: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
CoreAnimation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
CoreAudio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
Entry added February 1, 2021
CoreGraphics
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
Entry added February 1, 2021
CoreMedia
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
Entry added February 1, 2021
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro
Entry added February 1, 2021
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state
management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1787: James Hutchins
Entry added February 1, 2021
FairPlay
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro
Entry added February 1, 2021
FontParser
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Qi Sun of Trend Micro
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
IOSkywalkFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba
Security
Entry added February 1, 2021
iTunes Store
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1764: Maxime Villard (@m00nbsd)
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1763: Mickey Jin of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1753: Mickey Jin of Trend Micro
Entry added February 1, 2021
Phone Keypad
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: A lock screen issue allowed access to contacts on a
locked device.
CVE-2021-1756: Ryan Pickren (ryanpickren.com)
Entry added February 1, 2021
Swift
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1801: Eliya Stein of Confiant
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Entry added February 1, 2021
Additional recognition
iTunes Store
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
Entry added February 1, 2021
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Mail
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and
an anonymous researcher for their assistance.
Entry added February 1, 2021
Store Demo
We would like to acknowledge @08Tc3wBB for their assistance.
Entry added February 1, 2021
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
Entry added February 1, 2021
Wi-Fi
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added February 1, 2021
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtAACgkQZcsbuWJ6
jjCK6g//dClC7Zq+dOqvuwvDa1ZMQ/R7pmp9qn2jFQsN41sf3JXSUT5AT2qhkB+W
BvfgNl4JEAhdFigcuChzNWjrtQjT30Iqu/mPKF9zh8FRi5Uc0Z+UDAS4QAJcYmBl
naDKY9u0SIyzxyvoK2AhfnbgAy7xsICNUiPFIV3sLS20NnKaItd/zBVCsgiMnpXD
lXBJJfoJZcKzUxsHVGuh3DU9FgyS0Ypo8EAuZTPT511rco7nAqQ+RY5s8DRZ91Up
BWoFQezmVQmxHGA2rwJH+RgSUOUywCNi/xLinAdNq8en4db8UtSmUcQHqaFgybBk
bfWN3apPFq7vKCPbW8NI4JPBeP4WhORGH1V2jgJV8DM8Lod/Uh1yJrcZ5a4FxwCO
VZKROL2UwE8T3tNYNlYoIr83FKVeMxnYhEP+xSSM3iZGtIflkcO3UtfitJlV0U26
RCavBUyxJV1aqb/3ic/WwLco7jBeOEIUkoZq7djyo8K1LrVSxZvBAUveV+Y2qvz3
UrbdDeTaTqDZ+rgQjOTcMJsvLHwzcrD8DdhgAMt9FAsVZ+dxSsqrMBNxhtc5uRyf
bSTDyJc4epsC5S6IrjHaePdnv65tuIjC/JYmBvdshtp5j3aUnJUGWPhWuuhDLIjh
oxMn01QVy9KvVSQs3kqot8Ai8e1hXGnzwDUHEqPQLYzEi77v8HU=
=WL5N
-----END PGP SIGNATURE-----
| VAR-202104-0606 | CVE-2021-1769 | plural Apple Product vulnerabilities |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. plural Apple There are unspecified vulnerabilities in the product.Information may be tampered with. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. There is a security vulnerability in Apple macOS, which is caused by an error in the handling of authentication requests in the Swift component of macOS. Vulnerabilities exist in the following products or versions: macOS 11.0, macOS 11.0.1, macOS 11.1. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-02-01-2 Additional information for
APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4
iOS 14.4 and iPadOS 14.4 addresses the following issues. Information
about the security content is also available at
https://support.apple.com/HT212146.
Analytics
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Entry added February 1, 2021
APFS
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1794: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1795: Jianjun Dai of 360 Alpha Lab
CVE-2021-1796: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1780: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021
CoreAnimation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
CoreAudio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
Entry added February 1, 2021
CoreGraphics
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
Entry added February 1, 2021
CoreMedia
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
Entry added February 1, 2021
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro
Entry added February 1, 2021
CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state
management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1787: James Hutchins
Entry added February 1, 2021
FairPlay
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro
Entry added February 1, 2021
FontParser
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Qi Sun of Trend Micro
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey
Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021
IOSkywalkFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba
Security
Entry added February 1, 2021
iTunes Store
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted URL may lead to arbitrary
javascript code execution
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1764: Maxime Villard (@m00nbsd)
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Entry added February 1, 2021
Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1763: Mickey Jin of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021
Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1753: Mickey Jin of Trend Micro
Entry added February 1, 2021
Phone Keypad
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: A lock screen issue allowed access to contacts on a
locked device.
CVE-2021-1756: Ryan Pickren (ryanpickren.com)
Entry added February 1, 2021
Swift
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1801: Eliya Stein of Confiant
Entry added February 1, 2021
WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Entry added February 1, 2021
Additional recognition
iTunes Store
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
Entry added February 1, 2021
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Entry added February 1, 2021
Mail
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and
an anonymous researcher for their assistance.
Entry added February 1, 2021
Store Demo
We would like to acknowledge @08Tc3wBB for their assistance.
Entry added February 1, 2021
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
Entry added February 1, 2021
Wi-Fi
We would like to acknowledge an anonymous researcher for their
assistance.
Entry added February 1, 2021
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtAACgkQZcsbuWJ6
jjCK6g//dClC7Zq+dOqvuwvDa1ZMQ/R7pmp9qn2jFQsN41sf3JXSUT5AT2qhkB+W
BvfgNl4JEAhdFigcuChzNWjrtQjT30Iqu/mPKF9zh8FRi5Uc0Z+UDAS4QAJcYmBl
naDKY9u0SIyzxyvoK2AhfnbgAy7xsICNUiPFIV3sLS20NnKaItd/zBVCsgiMnpXD
lXBJJfoJZcKzUxsHVGuh3DU9FgyS0Ypo8EAuZTPT511rco7nAqQ+RY5s8DRZ91Up
BWoFQezmVQmxHGA2rwJH+RgSUOUywCNi/xLinAdNq8en4db8UtSmUcQHqaFgybBk
bfWN3apPFq7vKCPbW8NI4JPBeP4WhORGH1V2jgJV8DM8Lod/Uh1yJrcZ5a4FxwCO
VZKROL2UwE8T3tNYNlYoIr83FKVeMxnYhEP+xSSM3iZGtIflkcO3UtfitJlV0U26
RCavBUyxJV1aqb/3ic/WwLco7jBeOEIUkoZq7djyo8K1LrVSxZvBAUveV+Y2qvz3
UrbdDeTaTqDZ+rgQjOTcMJsvLHwzcrD8DdhgAMt9FAsVZ+dxSsqrMBNxhtc5uRyf
bSTDyJc4epsC5S6IrjHaePdnv65tuIjC/JYmBvdshtp5j3aUnJUGWPhWuuhDLIjh
oxMn01QVy9KvVSQs3kqot8Ai8e1hXGnzwDUHEqPQLYzEi77v8HU=
=WL5N
-----END PGP SIGNATURE-----
| VAR-202104-0592 | CVE-2021-1818 | plural Apple Product vulnerabilities |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS 14.4 and iPadOS 14.4 have a security vulnerability that stems from a boundary error in the handling of image files within the ImageIO component in macOS. A remote attacker could create a specially crafted document, trick a victim into opening it, trigger memory corruption and execute arbitrary code on the targeted system
| VAR-202104-0595 | CVE-2021-1738 | plural Apple Out-of-bounds write vulnerabilities in the product |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security vulnerability exists in Apple ImageIO due to a boundary error in the handling of image files within the ImageIO component in macOS. A remote attacker could create a specially crafted file that tricks a victim into opening the file with affected software, triggering an out-of-bounds write and executing arbitrary code on the targeted system. Vulnerabilities exist in the following products or versions: macOS 10.15, macOS 10.15 SU1, macOS 10.15.1, macOS 10.15.2, macOS 10.15.3, macOS 10.15.4, macOS 10.15.4 SU1, macOS 10.15.5, macOS 11.55.5 SU1 , macOS 15.65.6, macOS 10.15.6 SU1, macOS 10.15.7, 10.15.7 SU1, macOS 11.0, macOS 11.0.1, macOS 11.1. Information
about the security content is also available at
https://support.apple.com/HT212147.
CVE-2021-1761: Cees Elzinga
APFS
Available for: macOS Big Sur 11.0.1
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
CFNetwork Cache
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team
CoreAnimation
Available for: macOS Big Sur 11.0.1
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
CoreAudio
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Crash Reporter
Available for: macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Directory Utility
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to access private
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing
Endpoint Security
Available for: macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response
Center
FairPlay
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro
FontParser
Available for: macOS Mojave 10.14.6
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab
FontParser
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light-
Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1766: Danny Rosseau of Carve Systems
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant
Security Light-Year Lab
CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1738: Lei Sun
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
IOKit
Available for: macOS Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A logic error in kext loading was addressed with
improved state handling.
CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security
IOSkywalkFamily
Available for: macOS Big Sur 11.0.1
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security,
Proteas
Kernel
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Kernel
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2020-29633: Jewel Lambert of Original Spin, LLC.
CVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)
Model I/O
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Model I/O
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
NetFSFramework
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-25709
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan
Screen Sharing
Available for: macOS Big Sur 11.0.1
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2019-20838
CVE-2020-14155
SQLite
Available for: macOS Catalina 10.15.7
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Swift
Available for: macOS Big Sur 11.0.1
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1765: Eliya Stein of Confiant
CVE-2021-1801: Eliya Stein of Confiant
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
WebKit
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: macOS Big Sur 11.0.1
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Additional recognition
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Login Window
We would like to acknowledge Jose Moises Romero-Villanueva of
CrySolve for their assistance.
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Screen Sharing Server
We would like to acknowledge @gorelics for their assistance.
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgrkACgkQZcsbuWJ6
jjATvhAAmcspGY8ZHJcSUGr9mysz5iT9oGkZcvFa8kcJsFAvFb9Wjz0M2eovBXQc
D9bD7LrUpodiqkSobB4bEevpD9P8E/T/eRSBxjomKLv5DKHPT4eh/K2EU6R6ubVi
GGNlT9DJrIxcTJIB2y/yfs8msV2w2/gZDLKJZP4Zh6t8G1sjI17iEaxpOph67aq2
X0d+P7+7q1mUBa47JEQ+HIUNlfHtBL825cnmHD2Vn1WELQLKZfXBl+nPM9l9naRc
3vYIvR7xJ5c4bqFx7N9xwGdQ5TRIoDijqADwggGwOZEiVZ7PWifj/iCLUz4Ks4hr
oGVE1UxN1oSX63D44ZQyfiyIWIiMtDV9V4J6mUoUnZ6RTTMoRRAF9DcSVF5/wmHk
odYnMeouHc543ZyVBtdtwJ/tbuBvTOjzpNn0+UgiyRL9wG/xxQq+gB4vwgSEviek
bBhyvdxLVWW0ULwFeN5rI5bCQBkv6BB9OSyhD6sMRrp59NAgBBS2nstZG1RAt7XL
2KZ1GpoNcuDRLj7ElxAfeJuPM1dFVTK48SH56M1FElz/QowZVOXyKgUoaeVTUyAC
3WOACmFAosFIclCbr8z8yGynX2bsCGBNKv4pKoHlyZCyFHCQw9L6uR2gRkOp86+M
iqHtE2L1WUZvUMCIKxfdixILEfoacSVCxr3+v4SSDOcEbSDYEIA=
=mUkG
-----END PGP SIGNATURE-----
| VAR-202104-0593 | CVE-2021-1736 | Apple Mac OS X and macOS Big Sur Out-of-bounds read vulnerability in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. Apple Mac OS X and macOS Big Sur Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. An information disclosure vulnerability exists in Apple ImageIO that could allow a remote attacker to access potentially sensitive information. By persuading a victim to open a specially crafted image file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. Information
about the security content is also available at
https://support.apple.com/HT212147.
CVE-2021-1761: Cees Elzinga
APFS
Available for: macOS Big Sur 11.0.1
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
CFNetwork Cache
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team
CoreAnimation
Available for: macOS Big Sur 11.0.1
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
CoreAudio
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Crash Reporter
Available for: macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Directory Utility
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to access private
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing
Endpoint Security
Available for: macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response
Center
FairPlay
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro
FontParser
Available for: macOS Mojave 10.14.6
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab
FontParser
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light-
Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1766: Danny Rosseau of Carve Systems
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant
Security Light-Year Lab
CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1738: Lei Sun
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
IOKit
Available for: macOS Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A logic error in kext loading was addressed with
improved state handling.
CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security
IOSkywalkFamily
Available for: macOS Big Sur 11.0.1
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security,
Proteas
Kernel
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Kernel
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2020-29633: Jewel Lambert of Original Spin, LLC.
CVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)
Model I/O
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Model I/O
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
NetFSFramework
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-25709
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan
Screen Sharing
Available for: macOS Big Sur 11.0.1
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2019-20838
CVE-2020-14155
SQLite
Available for: macOS Catalina 10.15.7
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Swift
Available for: macOS Big Sur 11.0.1
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1765: Eliya Stein of Confiant
CVE-2021-1801: Eliya Stein of Confiant
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
WebKit
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: macOS Big Sur 11.0.1
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Additional recognition
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Login Window
We would like to acknowledge Jose Moises Romero-Villanueva of
CrySolve for their assistance.
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Screen Sharing Server
We would like to acknowledge @gorelics for their assistance.
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgrkACgkQZcsbuWJ6
jjATvhAAmcspGY8ZHJcSUGr9mysz5iT9oGkZcvFa8kcJsFAvFb9Wjz0M2eovBXQc
D9bD7LrUpodiqkSobB4bEevpD9P8E/T/eRSBxjomKLv5DKHPT4eh/K2EU6R6ubVi
GGNlT9DJrIxcTJIB2y/yfs8msV2w2/gZDLKJZP4Zh6t8G1sjI17iEaxpOph67aq2
X0d+P7+7q1mUBa47JEQ+HIUNlfHtBL825cnmHD2Vn1WELQLKZfXBl+nPM9l9naRc
3vYIvR7xJ5c4bqFx7N9xwGdQ5TRIoDijqADwggGwOZEiVZ7PWifj/iCLUz4Ks4hr
oGVE1UxN1oSX63D44ZQyfiyIWIiMtDV9V4J6mUoUnZ6RTTMoRRAF9DcSVF5/wmHk
odYnMeouHc543ZyVBtdtwJ/tbuBvTOjzpNn0+UgiyRL9wG/xxQq+gB4vwgSEviek
bBhyvdxLVWW0ULwFeN5rI5bCQBkv6BB9OSyhD6sMRrp59NAgBBS2nstZG1RAt7XL
2KZ1GpoNcuDRLj7ElxAfeJuPM1dFVTK48SH56M1FElz/QowZVOXyKgUoaeVTUyAC
3WOACmFAosFIclCbr8z8yGynX2bsCGBNKv4pKoHlyZCyFHCQw9L6uR2gRkOp86+M
iqHtE2L1WUZvUMCIKxfdixILEfoacSVCxr3+v4SSDOcEbSDYEIA=
=mUkG
-----END PGP SIGNATURE-----
| VAR-202104-0588 | CVE-2021-1802 | macOS Vulnerability in privilege management in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A local attacker may be able to elevate their privileges. macOS Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vulnerabilities exist in the following product or version: macOS Catalina 10.15.7
| VAR-202104-0594 | CVE-2021-1737 | plural Apple Out-of-bounds write vulnerabilities in the product |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ImageIO framework. Crafted data in a PIC file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. There is a resource management error vulnerability in Apple ImageIO. The vulnerability originates from a boundary error when processing image files in the ImageIO component in macOS. A remote attacker could create a specially crafted file that tricks a victim into opening the file with affected software, triggering an out-of-bounds write and executing arbitrary code on the targeted system. Information
about the security content is also available at
https://support.apple.com/HT212147.
CVE-2021-1761: Cees Elzinga
APFS
Available for: macOS Big Sur 11.0.1
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
CFNetwork Cache
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team
CoreAnimation
Available for: macOS Big Sur 11.0.1
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
CoreAudio
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Crash Reporter
Available for: macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Directory Utility
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to access private
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing
Endpoint Security
Available for: macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response
Center
FairPlay
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro
FontParser
Available for: macOS Mojave 10.14.6
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab
FontParser
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light-
Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1766: Danny Rosseau of Carve Systems
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant
Security Light-Year Lab
CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1738: Lei Sun
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
IOKit
Available for: macOS Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A logic error in kext loading was addressed with
improved state handling.
CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security
IOSkywalkFamily
Available for: macOS Big Sur 11.0.1
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security,
Proteas
Kernel
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Kernel
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2020-29633: Jewel Lambert of Original Spin, LLC.
CVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)
Model I/O
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Model I/O
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
NetFSFramework
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-25709
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan
Screen Sharing
Available for: macOS Big Sur 11.0.1
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2019-20838
CVE-2020-14155
SQLite
Available for: macOS Catalina 10.15.7
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Swift
Available for: macOS Big Sur 11.0.1
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1765: Eliya Stein of Confiant
CVE-2021-1801: Eliya Stein of Confiant
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling. Apple is aware of a report that this issue may have been
actively exploited.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: macOS Big Sur 11.0.1
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Additional recognition
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Login Window
We would like to acknowledge Jose Moises Romero-Villanueva of
CrySolve for their assistance.
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Screen Sharing Server
We would like to acknowledge @gorelics for their assistance.
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgrkACgkQZcsbuWJ6
jjATvhAAmcspGY8ZHJcSUGr9mysz5iT9oGkZcvFa8kcJsFAvFb9Wjz0M2eovBXQc
D9bD7LrUpodiqkSobB4bEevpD9P8E/T/eRSBxjomKLv5DKHPT4eh/K2EU6R6ubVi
GGNlT9DJrIxcTJIB2y/yfs8msV2w2/gZDLKJZP4Zh6t8G1sjI17iEaxpOph67aq2
X0d+P7+7q1mUBa47JEQ+HIUNlfHtBL825cnmHD2Vn1WELQLKZfXBl+nPM9l9naRc
3vYIvR7xJ5c4bqFx7N9xwGdQ5TRIoDijqADwggGwOZEiVZ7PWifj/iCLUz4Ks4hr
oGVE1UxN1oSX63D44ZQyfiyIWIiMtDV9V4J6mUoUnZ6RTTMoRRAF9DcSVF5/wmHk
odYnMeouHc543ZyVBtdtwJ/tbuBvTOjzpNn0+UgiyRL9wG/xxQq+gB4vwgSEviek
bBhyvdxLVWW0ULwFeN5rI5bCQBkv6BB9OSyhD6sMRrp59NAgBBS2nstZG1RAt7XL
2KZ1GpoNcuDRLj7ElxAfeJuPM1dFVTK48SH56M1FElz/QowZVOXyKgUoaeVTUyAC
3WOACmFAosFIclCbr8z8yGynX2bsCGBNKv4pKoHlyZCyFHCQw9L6uR2gRkOp86+M
iqHtE2L1WUZvUMCIKxfdixILEfoacSVCxr3+v4SSDOcEbSDYEIA=
=mUkG
-----END PGP SIGNATURE-----
| VAR-202104-0636 | CVE-2021-1757 | plural Apple Product out-of-bounds read vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges. plural Apple The product contains an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A security vulnerability exists in Apple IOSkywalkFamily, which is caused by a boundary condition in the IOSkywalkFamily component in macOS. Local users can run specially crafted programs to trigger out-of-bounds read errors and elevate system privileges. Vulnerabilities exist in the following products or versions: macOS 11.0, macOS 11.0.1, macOS 11.1. By using a specially-crafted application, an attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. Information
about the security content is also available at
https://support.apple.com/HT212147.
CVE-2021-1761: Cees Elzinga
APFS
Available for: macOS Big Sur 11.0.1
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
CFNetwork Cache
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An integer overflow was addressed with improved input
validation.
CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team
CoreAnimation
Available for: macOS Big Sur 11.0.1
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
CoreAudio
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to code
execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
CoreMedia
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted text file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Crash Reporter
Available for: macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Crash Reporter
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Directory Utility
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to access private
information
Description: A logic issue was addressed with improved state
management.
CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing
Endpoint Security
Available for: macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response
Center
FairPlay
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend
Micro working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1790: Peter Nguyen Vu Hoang of STAR Labs
FontParser
Available for: macOS Mojave 10.14.6
Impact: Processing a maliciously crafted font may lead to arbitrary
code execution
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro
FontParser
Available for: macOS Mojave 10.14.6
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab
FontParser
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An access issue was addressed with improved memory
management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light-
Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1766: Danny Rosseau of Carve Systems
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant
Security Light-Year Lab
CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1738: Lei Sun
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
IOKit
Available for: macOS Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A logic error in kext loading was addressed with
improved state handling.
CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security
IOSkywalkFamily
Available for: macOS Big Sur 11.0.1
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security,
Proteas
Kernel
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue existed resulting in memory corruption.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved
memory management.
Apple is aware of a report that this issue may have been actively
exploited.
CVE-2021-1782: an anonymous researcher
Kernel
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Login Window
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: An attacker in a privileged network position may be able to
bypass authentication policy
Description: An authentication issue was addressed with improved
state management.
CVE-2020-29633: Jewel Lambert of Original Spin, LLC.
CVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)
Model I/O
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Model I/O
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to heap
corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro’s
Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with
Trend Micro’s Zero Day Initiative
NetFSFramework
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and
macOS Mojave 10.14.6
Impact: Mounting a maliciously crafted Samba network share may lead
to arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2020-25709
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state
management.
CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan
Screen Sharing
Available for: macOS Big Sur 11.0.1
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version
8.44.
CVE-2019-20838
CVE-2020-14155
SQLite
Available for: macOS Catalina 10.15.7
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to
version 3.32.3.
CVE-2020-15358
Swift
Available for: macOS Big Sur 11.0.1
Impact: A malicious attacker with arbitrary read and write capability
may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Maliciously crafted web content may violate iframe sandboxing
policy
Description: This issue was addressed with improved iframe sandbox
enforcement.
CVE-2021-1765: Eliya Stein of Confiant
CVE-2021-1801: Eliya Stein of Confiant
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
WebKit
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: macOS Big Sur 11.0.1
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A port redirection issue was addressed with additional
port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and
Samy Kamkar
Additional recognition
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse
Change of Trend Micro for their assistance.
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year
Labs for their assistance.
Login Window
We would like to acknowledge Jose Moises Romero-Villanueva of
CrySolve for their assistance.
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their
assistance.
Screen Sharing Server
We would like to acknowledge @gorelics for their assistance.
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgrkACgkQZcsbuWJ6
jjATvhAAmcspGY8ZHJcSUGr9mysz5iT9oGkZcvFa8kcJsFAvFb9Wjz0M2eovBXQc
D9bD7LrUpodiqkSobB4bEevpD9P8E/T/eRSBxjomKLv5DKHPT4eh/K2EU6R6ubVi
GGNlT9DJrIxcTJIB2y/yfs8msV2w2/gZDLKJZP4Zh6t8G1sjI17iEaxpOph67aq2
X0d+P7+7q1mUBa47JEQ+HIUNlfHtBL825cnmHD2Vn1WELQLKZfXBl+nPM9l9naRc
3vYIvR7xJ5c4bqFx7N9xwGdQ5TRIoDijqADwggGwOZEiVZ7PWifj/iCLUz4Ks4hr
oGVE1UxN1oSX63D44ZQyfiyIWIiMtDV9V4J6mUoUnZ6RTTMoRRAF9DcSVF5/wmHk
odYnMeouHc543ZyVBtdtwJ/tbuBvTOjzpNn0+UgiyRL9wG/xxQq+gB4vwgSEviek
bBhyvdxLVWW0ULwFeN5rI5bCQBkv6BB9OSyhD6sMRrp59NAgBBS2nstZG1RAt7XL
2KZ1GpoNcuDRLj7ElxAfeJuPM1dFVTK48SH56M1FElz/QowZVOXyKgUoaeVTUyAC
3WOACmFAosFIclCbr8z8yGynX2bsCGBNKv4pKoHlyZCyFHCQw9L6uR2gRkOp86+M
iqHtE2L1WUZvUMCIKxfdixILEfoacSVCxr3+v4SSDOcEbSDYEIA=
=mUkG
-----END PGP SIGNATURE-----
.
CVE-2021-1782: an anonymous researcher
Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A privacy issue existed in the handling of Contact
cards.
CVE-2021-1753: Mickey Jin of Trend Micro
Entry added February 1, 2021
Phone Keypad
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: A lock screen issue allowed access to contacts on a
locked device
| VAR-202104-0587 | CVE-2021-1801 | Pillow Buffer error vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. WebKit is an open source web browser engine jointly developed by KDE, Apple, Google and other companies. A security vulnerability exists in Apple WebKit due to applications not properly implementing the mandatory boxing policy in WebKit. A remote attacker could create a specially crafted web page that would lure a victim to visit it and bypass implemented security restrictions. Vulnerabilities exist in the following product or version: macOS Big Sur 11.0.1. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: GNOME security, bug fix, and enhancement update
Advisory ID: RHSA-2021:4381-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4381
Issue date: 2021-11-09
CVE Names: CVE-2020-13558 CVE-2020-24870 CVE-2020-27918
CVE-2020-29623 CVE-2020-36241 CVE-2021-1765
CVE-2021-1788 CVE-2021-1789 CVE-2021-1799
CVE-2021-1801 CVE-2021-1844 CVE-2021-1870
CVE-2021-1871 CVE-2021-21775 CVE-2021-21779
CVE-2021-21806 CVE-2021-28650 CVE-2021-30663
CVE-2021-30665 CVE-2021-30682 CVE-2021-30689
CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795
CVE-2021-30797 CVE-2021-30799
====================================================================
1. Summary:
An update for GNOME is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
GNOME is the default desktop environment of Red Hat Enterprise Linux.
The following packages have been upgraded to a later upstream version: gdm
(40.0), webkit2gtk3 (2.32.3). (BZ#1909300)
Security Fix(es):
* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to
arbitrary code execution (CVE-2020-13558)
* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in
identify.cpp (CVE-2020-24870)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2020-27918)
* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-1788)
* webkitgtk: Type confusion issue leading to arbitrary code execution
(CVE-2021-1789)
* webkitgtk: Access to restricted ports on arbitrary servers via port
redirection (CVE-2021-1799)
* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)
* webkitgtk: Memory corruption issue leading to arbitrary code execution
(CVE-2021-1844)
* webkitgtk: Logic issue leading to arbitrary code execution
(CVE-2021-1870)
* webkitgtk: Logic issue leading to arbitrary code execution
(CVE-2021-1871)
* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent
leading to information leak and possibly code execution (CVE-2021-21775)
* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to
information leak and possibly code execution (CVE-2021-21779)
* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code
execution (CVE-2021-21806)
* webkitgtk: Integer overflow leading to arbitrary code execution
(CVE-2021-30663)
* webkitgtk: Memory corruption leading to arbitrary code execution
(CVE-2021-30665)
* webkitgtk: Logic issue leading to leak of sensitive user information
(CVE-2021-30682)
* webkitgtk: Logic issue leading to universal cross site scripting attack
(CVE-2021-30689)
* webkitgtk: Logic issue allowing access to restricted ports on arbitrary
servers (CVE-2021-30720)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30734)
* webkitgtk: Cross-origin issue with iframe elements leading to universal
cross site scripting attack (CVE-2021-30744)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30749)
* webkitgtk: Type confusion leading to arbitrary code execution
(CVE-2021-30758)
* webkitgtk: Use-after-free leading to arbitrary code execution
(CVE-2021-30795)
* webkitgtk: Insufficient checks leading to arbitrary code execution
(CVE-2021-30797)
* webkitgtk: Memory corruptions leading to arbitrary code execution
(CVE-2021-30799)
* webkitgtk: User may be unable to fully delete browsing history
(CVE-2020-29623)
* gnome-autoar: Directory traversal via directory symbolic links pointing
outside of the destination directory (CVE-2020-36241)
* gnome-autoar: Directory traversal via directory symbolic links pointing
outside of the destination directory (incomplete CVE-2020-36241 fix)
(CVE-2021-28650)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
GDM must be restarted for this update to take effect. The GNOME session
must be restarted (log out, then log back in) for this update to take
effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1651378 - [RFE] Provide a mechanism for persistently showing the security level of a machine at login time
1770302 - disable show text in GDM login/lock screen (patched in RHEL 7.8)
1791478 - Cannot completely disable odrs (Gnome Ratings) from the Software application in Gnome Desktop
1813727 - Files copied from NFS4 to Desktop can't be opened
1854679 - [RFE] Disable left edge gesture
1873297 - Gnome-software coredumps when run as root in terminal
1873488 - GTK3 prints errors with overlay scrollbar disabled
1888404 - Updates page hides ongoing updates on refresh
1894613 - [RFE] Re-inclusion of workspace renaming in GNOME 3.
1897932 - JS ERROR: Error: Extension point conflict: there is already a status indicator for role ...
1904139 - Automatic Logout Feature not working
1905000 - Desktop refresh broken after unlock
1909300 - gdm isn't killing the login screen on login after all, should rebase to latest release
1914925 - RFE: add patch to set grub boot_success flag on shutdown/reboot
1924725 - [Wayland] Double-touch desktop icons fails sometimes
1925640 - CVE-2020-36241 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
1928794 - CVE-2020-24870 LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
1928886 - CVE-2020-13558 webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
1935261 - [RFE] Enable connecting to WiFI and VPN connections at the GDM login
1937416 - Rebase WebKitGTK to 2.32
1937866 - Unable to disable onscreen keyboard in touch screen machine [rhel-8.5.0]
1938937 - Mutter: mouse click doesn't work when using 10-bit graphic monitor [rhel-8.5.0]
1940026 - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)
1944323 - CVE-2020-27918 webkitgtk: Use-after-free leading to arbitrary code execution
1944329 - CVE-2020-29623 webkitgtk: User may be unable to fully delete browsing history
1944333 - CVE-2021-1765 webkitgtk: IFrame sandboxing policy violation
1944337 - CVE-2021-1789 webkitgtk: Type confusion issue leading to arbitrary code execution
1944340 - CVE-2021-1799 webkitgtk: Access to restricted ports on arbitrary servers via port redirection
1944343 - CVE-2021-1801 webkitgtk: IFrame sandboxing policy violation
1944350 - CVE-2021-1870 webkitgtk: Logic issue leading to arbitrary code execution
1944859 - CVE-2021-1788 webkitgtk: Use-after-free leading to arbitrary code execution
1944862 - CVE-2021-1844 webkitgtk: Memory corruption issue leading to arbitrary code execution
1944867 - CVE-2021-1871 webkitgtk: Logic issue leading to arbitrary code execution
1949176 - GNOME Shell on Wayland does not generate xauth data, needed for X forwarding over SSH
1951086 - Disable the Facebook provider
1952136 - Disable the Foursquare provider
1955754 - gnome-session kiosk-session support still isn't up to muster
1957705 - RFE: make gnome-calculator internet access attemps configurable system-wide
1960705 - Vino nonfunctional in FIPS mode
1962049 - [Hyper-V][RHEL8.5]gdm: Guest with 1 vcpu start GUI failed on Hyper-V
1971507 - gnome-shell JS ERROR Error calling onComplete: TypeError this._dialog.actor is undefined _hideLockScreenComplete updateTweens
1971534 - gnome-shell[2343]: gsignal.c:2642: instance '0x5583c61f9280' has no handler with id '23831'
1972545 - flatpak: Prefer runtime from the same origin as the application
1978287 - gnome-shell to include / Documented - PolicyKit-authentication-agent
1978505 - Gnome Software development package is missing important header files.
1978612 - pt_BR translations for "Register System" panel
1980441 - CVE-2021-21806 webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
1980661 - "Screen Lock disabled" notification appears on first login after disabling gdm and notification pop-up.
1981420 - Improve style of overview close buttons
1986863 - CVE-2021-21775 webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
1986866 - CVE-2021-21779 webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution
1986872 - CVE-2021-30663 webkitgtk: Integer overflow leading to arbitrary code execution
1986874 - CVE-2021-30665 webkitgtk: Memory corruption leading to arbitrary code execution
1986879 - CVE-2021-30682 webkitgtk: Logic issue leading to leak of sensitive user information
1986881 - CVE-2021-30689 webkitgtk: Logic issue leading to universal cross site scripting attack
1986883 - CVE-2021-30720 webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers
1986886 - CVE-2021-30734 webkitgtk: Memory corruptions leading to arbitrary code execution
1986888 - CVE-2021-30744 webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack
1986890 - CVE-2021-30749 webkitgtk: Memory corruptions leading to arbitrary code execution
1986892 - CVE-2021-30758 webkitgtk: Type confusion leading to arbitrary code execution
1986900 - CVE-2021-30795 webkitgtk: Use-after-free leading to arbitrary code execution
1986902 - CVE-2021-30797 webkitgtk: Insufficient checks leading to arbitrary code execution
1986906 - CVE-2021-30799 webkitgtk: Memory corruptions leading to arbitrary code execution
1987233 - [RHEL8.5]Login screen shows dots when entering username
1989035 - terminal don't redraw if partially off screen
1998989 - [RHEL8.5] [Hyper-V]Cannot display GUI after installed RHEL8.5 recent build
1999120 - Gnome file manager crashes Xwayland/Desktop on drag/drop of files
2004170 - Unable to login to session via xdmcp
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
LibRaw-0.19.5-3.el8.src.rpm
accountsservice-0.6.55-2.el8.src.rpm
gdm-40.0-15.el8.src.rpm
gnome-autoar-0.2.3-2.el8.src.rpm
gnome-calculator-3.28.2-2.el8.src.rpm
gnome-control-center-3.28.2-28.el8.src.rpm
gnome-online-accounts-3.28.2-3.el8.src.rpm
gnome-session-3.28.1-13.el8.src.rpm
gnome-settings-daemon-3.32.0-16.el8.src.rpm
gnome-shell-3.32.2-40.el8.src.rpm
gnome-shell-extensions-3.32.1-20.el8.src.rpm
gnome-software-3.36.1-10.el8.src.rpm
gtk3-3.22.30-8.el8.src.rpm
mutter-3.32.2-60.el8.src.rpm
vino-3.22.0-11.el8.src.rpm
webkit2gtk3-2.32.3-2.el8.src.rpm
aarch64:
accountsservice-0.6.55-2.el8.aarch64.rpm
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gdm-40.0-15.el8.aarch64.rpm
gdm-debuginfo-40.0-15.el8.aarch64.rpm
gdm-debugsource-40.0-15.el8.aarch64.rpm
gnome-autoar-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.aarch64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.aarch64.rpm
gnome-calculator-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.aarch64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.aarch64.rpm
gnome-control-center-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.aarch64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.aarch64.rpm
gnome-online-accounts-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.aarch64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm
gnome-session-3.28.1-13.el8.aarch64.rpm
gnome-session-debuginfo-3.28.1-13.el8.aarch64.rpm
gnome-session-debugsource-3.28.1-13.el8.aarch64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.aarch64.rpm
gnome-session-wayland-session-3.28.1-13.el8.aarch64.rpm
gnome-session-xsession-3.28.1-13.el8.aarch64.rpm
gnome-settings-daemon-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.aarch64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.aarch64.rpm
gnome-shell-3.32.2-40.el8.aarch64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.aarch64.rpm
gnome-shell-debugsource-3.32.2-40.el8.aarch64.rpm
gnome-software-3.36.1-10.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm
gtk-update-icon-cache-3.22.30-8.el8.aarch64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-3.22.30-8.el8.aarch64.rpm
gtk3-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-debugsource-3.22.30-8.el8.aarch64.rpm
gtk3-devel-3.22.30-8.el8.aarch64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-3.22.30-8.el8.aarch64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.aarch64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.aarch64.rpm
mutter-3.32.2-60.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
vino-3.22.0-11.el8.aarch64.rpm
vino-debuginfo-3.22.0-11.el8.aarch64.rpm
vino-debugsource-3.22.0-11.el8.aarch64.rpm
webkit2gtk3-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.aarch64.rpm
noarch:
gnome-classic-session-3.32.1-20.el8.noarch.rpm
gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm
gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm
gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
ppc64le:
LibRaw-0.19.5-3.el8.ppc64le.rpm
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-0.6.55-2.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gdm-40.0-15.el8.ppc64le.rpm
gdm-debuginfo-40.0-15.el8.ppc64le.rpm
gdm-debugsource-40.0-15.el8.ppc64le.rpm
gnome-autoar-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.ppc64le.rpm
gnome-autoar-debugsource-0.2.3-2.el8.ppc64le.rpm
gnome-calculator-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.ppc64le.rpm
gnome-calculator-debugsource-3.28.2-2.el8.ppc64le.rpm
gnome-control-center-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.ppc64le.rpm
gnome-control-center-debugsource-3.28.2-28.el8.ppc64le.rpm
gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.ppc64le.rpm
gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm
gnome-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-debuginfo-3.28.1-13.el8.ppc64le.rpm
gnome-session-debugsource-3.28.1-13.el8.ppc64le.rpm
gnome-session-kiosk-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-wayland-session-3.28.1-13.el8.ppc64le.rpm
gnome-session-xsession-3.28.1-13.el8.ppc64le.rpm
gnome-settings-daemon-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.ppc64le.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.ppc64le.rpm
gnome-shell-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debuginfo-3.32.2-40.el8.ppc64le.rpm
gnome-shell-debugsource-3.32.2-40.el8.ppc64le.rpm
gnome-software-3.36.1-10.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm
gtk-update-icon-cache-3.22.30-8.el8.ppc64le.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-3.22.30-8.el8.ppc64le.rpm
gtk3-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-debugsource-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-3.22.30-8.el8.ppc64le.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-3.22.30-8.el8.ppc64le.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.ppc64le.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.ppc64le.rpm
mutter-3.32.2-60.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
vino-3.22.0-11.el8.ppc64le.rpm
vino-debuginfo-3.22.0-11.el8.ppc64le.rpm
vino-debugsource-3.22.0-11.el8.ppc64le.rpm
webkit2gtk3-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.ppc64le.rpm
s390x:
accountsservice-0.6.55-2.el8.s390x.rpm
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-libs-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gdm-40.0-15.el8.s390x.rpm
gdm-debuginfo-40.0-15.el8.s390x.rpm
gdm-debugsource-40.0-15.el8.s390x.rpm
gnome-autoar-0.2.3-2.el8.s390x.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.s390x.rpm
gnome-autoar-debugsource-0.2.3-2.el8.s390x.rpm
gnome-calculator-3.28.2-2.el8.s390x.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.s390x.rpm
gnome-calculator-debugsource-3.28.2-2.el8.s390x.rpm
gnome-control-center-3.28.2-28.el8.s390x.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.s390x.rpm
gnome-control-center-debugsource-3.28.2-28.el8.s390x.rpm
gnome-online-accounts-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.s390x.rpm
gnome-online-accounts-devel-3.28.2-3.el8.s390x.rpm
gnome-session-3.28.1-13.el8.s390x.rpm
gnome-session-debuginfo-3.28.1-13.el8.s390x.rpm
gnome-session-debugsource-3.28.1-13.el8.s390x.rpm
gnome-session-kiosk-session-3.28.1-13.el8.s390x.rpm
gnome-session-wayland-session-3.28.1-13.el8.s390x.rpm
gnome-session-xsession-3.28.1-13.el8.s390x.rpm
gnome-settings-daemon-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.s390x.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.s390x.rpm
gnome-shell-3.32.2-40.el8.s390x.rpm
gnome-shell-debuginfo-3.32.2-40.el8.s390x.rpm
gnome-shell-debugsource-3.32.2-40.el8.s390x.rpm
gnome-software-3.36.1-10.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.s390x.rpm
gtk-update-icon-cache-3.22.30-8.el8.s390x.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-3.22.30-8.el8.s390x.rpm
gtk3-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-debugsource-3.22.30-8.el8.s390x.rpm
gtk3-devel-3.22.30-8.el8.s390x.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-3.22.30-8.el8.s390x.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.s390x.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.s390x.rpm
mutter-3.32.2-60.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
vino-3.22.0-11.el8.s390x.rpm
vino-debuginfo-3.22.0-11.el8.s390x.rpm
vino-debugsource-3.22.0-11.el8.s390x.rpm
webkit2gtk3-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.s390x.rpm
x86_64:
LibRaw-0.19.5-3.el8.i686.rpm
LibRaw-0.19.5-3.el8.x86_64.rpm
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-0.6.55-2.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-0.6.55-2.el8.i686.rpm
accountsservice-libs-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gdm-40.0-15.el8.i686.rpm
gdm-40.0-15.el8.x86_64.rpm
gdm-debuginfo-40.0-15.el8.i686.rpm
gdm-debuginfo-40.0-15.el8.x86_64.rpm
gdm-debugsource-40.0-15.el8.i686.rpm
gdm-debugsource-40.0-15.el8.x86_64.rpm
gnome-autoar-0.2.3-2.el8.i686.rpm
gnome-autoar-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.i686.rpm
gnome-autoar-debuginfo-0.2.3-2.el8.x86_64.rpm
gnome-autoar-debugsource-0.2.3-2.el8.i686.rpm
gnome-autoar-debugsource-0.2.3-2.el8.x86_64.rpm
gnome-calculator-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debuginfo-3.28.2-2.el8.x86_64.rpm
gnome-calculator-debugsource-3.28.2-2.el8.x86_64.rpm
gnome-control-center-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debuginfo-3.28.2-28.el8.x86_64.rpm
gnome-control-center-debugsource-3.28.2-28.el8.x86_64.rpm
gnome-online-accounts-3.28.2-3.el8.i686.rpm
gnome-online-accounts-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debuginfo-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.i686.rpm
gnome-online-accounts-debugsource-3.28.2-3.el8.x86_64.rpm
gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm
gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm
gnome-session-3.28.1-13.el8.x86_64.rpm
gnome-session-debuginfo-3.28.1-13.el8.x86_64.rpm
gnome-session-debugsource-3.28.1-13.el8.x86_64.rpm
gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm
gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm
gnome-session-xsession-3.28.1-13.el8.x86_64.rpm
gnome-settings-daemon-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debuginfo-3.32.0-16.el8.x86_64.rpm
gnome-settings-daemon-debugsource-3.32.0-16.el8.x86_64.rpm
gnome-shell-3.32.2-40.el8.x86_64.rpm
gnome-shell-debuginfo-3.32.2-40.el8.x86_64.rpm
gnome-shell-debugsource-3.32.2-40.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.x86_64.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm
gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm
gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.i686.rpm
gtk-update-icon-cache-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-3.22.30-8.el8.i686.rpm
gtk3-3.22.30-8.el8.x86_64.rpm
gtk3-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-debugsource-3.22.30-8.el8.i686.rpm
gtk3-debugsource-3.22.30-8.el8.x86_64.rpm
gtk3-devel-3.22.30-8.el8.i686.rpm
gtk3-devel-3.22.30-8.el8.x86_64.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-devel-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodule-xim-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-immodules-debuginfo-3.22.30-8.el8.x86_64.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.i686.rpm
gtk3-tests-debuginfo-3.22.30-8.el8.x86_64.rpm
mutter-3.32.2-60.el8.i686.rpm
mutter-3.32.2-60.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
vino-3.22.0-11.el8.x86_64.rpm
vino-debuginfo-3.22.0-11.el8.x86_64.rpm
vino-debugsource-3.22.0-11.el8.x86_64.rpm
webkit2gtk3-2.32.3-2.el8.i686.rpm
webkit2gtk3-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.i686.rpm
webkit2gtk3-debugsource-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-debuginfo-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.32.3-2.el8.x86_64.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
gsettings-desktop-schemas-3.32.0-6.el8.src.rpm
aarch64:
gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
ppc64le:
gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
s390x:
gsettings-desktop-schemas-3.32.0-6.el8.s390x.rpm
x86_64:
gsettings-desktop-schemas-3.32.0-6.el8.x86_64.rpm
Red Hat Enterprise Linux CRB (v. 8):
aarch64:
accountsservice-debuginfo-0.6.55-2.el8.aarch64.rpm
accountsservice-debugsource-0.6.55-2.el8.aarch64.rpm
accountsservice-devel-0.6.55-2.el8.aarch64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.aarch64.rpm
gnome-software-debuginfo-3.36.1-10.el8.aarch64.rpm
gnome-software-debugsource-3.36.1-10.el8.aarch64.rpm
gnome-software-devel-3.36.1-10.el8.aarch64.rpm
mutter-debuginfo-3.32.2-60.el8.aarch64.rpm
mutter-debugsource-3.32.2-60.el8.aarch64.rpm
mutter-devel-3.32.2-60.el8.aarch64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.aarch64.rpm
ppc64le:
LibRaw-debuginfo-0.19.5-3.el8.ppc64le.rpm
LibRaw-debugsource-0.19.5-3.el8.ppc64le.rpm
LibRaw-devel-0.19.5-3.el8.ppc64le.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.ppc64le.rpm
accountsservice-debuginfo-0.6.55-2.el8.ppc64le.rpm
accountsservice-debugsource-0.6.55-2.el8.ppc64le.rpm
accountsservice-devel-0.6.55-2.el8.ppc64le.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.ppc64le.rpm
gnome-software-debuginfo-3.36.1-10.el8.ppc64le.rpm
gnome-software-debugsource-3.36.1-10.el8.ppc64le.rpm
gnome-software-devel-3.36.1-10.el8.ppc64le.rpm
mutter-debuginfo-3.32.2-60.el8.ppc64le.rpm
mutter-debugsource-3.32.2-60.el8.ppc64le.rpm
mutter-devel-3.32.2-60.el8.ppc64le.rpm
mutter-tests-debuginfo-3.32.2-60.el8.ppc64le.rpm
s390x:
accountsservice-debuginfo-0.6.55-2.el8.s390x.rpm
accountsservice-debugsource-0.6.55-2.el8.s390x.rpm
accountsservice-devel-0.6.55-2.el8.s390x.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.s390x.rpm
gnome-software-debuginfo-3.36.1-10.el8.s390x.rpm
gnome-software-debugsource-3.36.1-10.el8.s390x.rpm
gnome-software-devel-3.36.1-10.el8.s390x.rpm
mutter-debuginfo-3.32.2-60.el8.s390x.rpm
mutter-debugsource-3.32.2-60.el8.s390x.rpm
mutter-devel-3.32.2-60.el8.s390x.rpm
mutter-tests-debuginfo-3.32.2-60.el8.s390x.rpm
x86_64:
LibRaw-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-debuginfo-0.19.5-3.el8.x86_64.rpm
LibRaw-debugsource-0.19.5-3.el8.i686.rpm
LibRaw-debugsource-0.19.5-3.el8.x86_64.rpm
LibRaw-devel-0.19.5-3.el8.i686.rpm
LibRaw-devel-0.19.5-3.el8.x86_64.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.i686.rpm
LibRaw-samples-debuginfo-0.19.5-3.el8.x86_64.rpm
accountsservice-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-debuginfo-0.6.55-2.el8.x86_64.rpm
accountsservice-debugsource-0.6.55-2.el8.i686.rpm
accountsservice-debugsource-0.6.55-2.el8.x86_64.rpm
accountsservice-devel-0.6.55-2.el8.i686.rpm
accountsservice-devel-0.6.55-2.el8.x86_64.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.i686.rpm
accountsservice-libs-debuginfo-0.6.55-2.el8.x86_64.rpm
gnome-software-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.i686.rpm
gnome-software-debuginfo-3.36.1-10.el8.x86_64.rpm
gnome-software-debugsource-3.36.1-10.el8.i686.rpm
gnome-software-debugsource-3.36.1-10.el8.x86_64.rpm
gnome-software-devel-3.36.1-10.el8.i686.rpm
gnome-software-devel-3.36.1-10.el8.x86_64.rpm
mutter-debuginfo-3.32.2-60.el8.i686.rpm
mutter-debuginfo-3.32.2-60.el8.x86_64.rpm
mutter-debugsource-3.32.2-60.el8.i686.rpm
mutter-debugsource-3.32.2-60.el8.x86_64.rpm
mutter-devel-3.32.2-60.el8.i686.rpm
mutter-devel-3.32.2-60.el8.x86_64.rpm
mutter-tests-debuginfo-3.32.2-60.el8.i686.rpm
mutter-tests-debuginfo-3.32.2-60.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-13558
https://access.redhat.com/security/cve/CVE-2020-24870
https://access.redhat.com/security/cve/CVE-2020-27918
https://access.redhat.com/security/cve/CVE-2020-29623
https://access.redhat.com/security/cve/CVE-2020-36241
https://access.redhat.com/security/cve/CVE-2021-1765
https://access.redhat.com/security/cve/CVE-2021-1788
https://access.redhat.com/security/cve/CVE-2021-1789
https://access.redhat.com/security/cve/CVE-2021-1799
https://access.redhat.com/security/cve/CVE-2021-1801
https://access.redhat.com/security/cve/CVE-2021-1844
https://access.redhat.com/security/cve/CVE-2021-1870
https://access.redhat.com/security/cve/CVE-2021-1871
https://access.redhat.com/security/cve/CVE-2021-21775
https://access.redhat.com/security/cve/CVE-2021-21779
https://access.redhat.com/security/cve/CVE-2021-21806
https://access.redhat.com/security/cve/CVE-2021-28650
https://access.redhat.com/security/cve/CVE-2021-30663
https://access.redhat.com/security/cve/CVE-2021-30665
https://access.redhat.com/security/cve/CVE-2021-30682
https://access.redhat.com/security/cve/CVE-2021-30689
https://access.redhat.com/security/cve/CVE-2021-30720
https://access.redhat.com/security/cve/CVE-2021-30734
https://access.redhat.com/security/cve/CVE-2021-30744
https://access.redhat.com/security/cve/CVE-2021-30749
https://access.redhat.com/security/cve/CVE-2021-30758
https://access.redhat.com/security/cve/CVE-2021-30795
https://access.redhat.com/security/cve/CVE-2021-30797
https://access.redhat.com/security/cve/CVE-2021-30799
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYYrdm9zjgjWX9erEAQhgIA/+KzLn8QVHI3X8x9ufH1+nO8QXQqwTGQ0E
awNXP8h4qsL7EGugHrz/KVjwaKJs/erPxh5jGl/xE1ZhngGlyStUpQkI2Y3cP2/3
05jDPPS0QEfG5Y0rlnESyPxtwQTCpqped5P7L8VtKuzRae1HV63onsBB8zpcIFF7
sTKcP6wAAjJDltUjlhnEkkE3G6Dxfv14/UowRAWoT9pa9cP0+KqdhuYKHdt3fCD7
tEItM/SFQGoCF8zvXbvAiUXfZsQ/t/Yik9O6WISTWenaxCcP43Xn7aicsvZMVOvQ
w+jnH/hnMLBoPhH2k4PClsDapa/D6IrQIUrwxtgfbC4KRs0fbdrEGCPqs4nl/AdD
Migcf4gCMBq0bk3/yKp+/bi+OWwRMmw3ZdkJsOTNrOAkK1UCyrpF1ULyfs+8/OC5
QnXW88fPCwhFj+KSAq5Cqfwm3hrKTCWIT/T1DQBG+J7Y9NgEx+zEXVmWaaA0z+7T
qji5aUsIH+TG3t1EwtXABWGGEBRxC+svUoWNJBW1u6qwxfMx5E+hHUHhRewVYLYu
SToRXa3cIX23M/XyHNXBgMCpPPw8DeY5aAA1fvKQsuMCLywDg0N3mYhvk1HUNidb
Z6HmsLjLrGbkb1AAhP0V0wUuh5P6YJlL6iM49fQgztlHoBO0OAo56GBjAyT3pAAX
2rgR2Ny0wo4=gfrM
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
. Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* mig-controller: incorrect namespaces handling may lead to not authorized
usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications
2021666 - Route name longer than 63 characters causes direct volume migration to fail
2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes
2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image
2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console
2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout
2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error
2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource
2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202104-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: WebkitGTK+: Multiple vulnerabilities
Date: April 30, 2021
Bugs: #770793, #773193
ID: 202104-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
==========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from
hybrid HTML/CSS applications to full-fledged web browsers.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.30.6 >= 2.30.6
Description
===========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.30.6"
References
==========
[ 1 ] CVE-2020-13558
https://nvd.nist.gov/vuln/detail/CVE-2020-13558
[ 2 ] CVE-2020-27918
https://nvd.nist.gov/vuln/detail/CVE-2020-27918
[ 3 ] CVE-2020-29623
https://nvd.nist.gov/vuln/detail/CVE-2020-29623
[ 4 ] CVE-2020-9947
https://nvd.nist.gov/vuln/detail/CVE-2020-9947
[ 5 ] CVE-2021-1765
https://nvd.nist.gov/vuln/detail/CVE-2021-1765
[ 6 ] CVE-2021-1789
https://nvd.nist.gov/vuln/detail/CVE-2021-1789
[ 7 ] CVE-2021-1799
https://nvd.nist.gov/vuln/detail/CVE-2021-1799
[ 8 ] CVE-2021-1801
https://nvd.nist.gov/vuln/detail/CVE-2021-1801
[ 9 ] CVE-2021-1870
https://nvd.nist.gov/vuln/detail/CVE-2021-1870
[ 10 ] WSA-2021-0001
https://webkitgtk.org/security/WSA-2021-0001.html
[ 11 ] WSA-2021-0002
https://webkitgtk.org/security/WSA-2021-0002.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202104-03
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4877-1 security@debian.org
https://www.debian.org/security/ Alberto Garcia
March 27, 2021 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1789
CVE-2021-1799 CVE-2021-1801 CVE-2021-1870
The following vulnerabilities have been discovered in the webkit2gtk
web engine:
CVE-2020-27918
Liu Long discovered that processing maliciously crafted web
content may lead to arbitrary code execution.
CVE-2020-29623
Simon Hunt discovered that users may be unable to fully delete
their browsing history under some circumstances.
CVE-2021-1799
Gregory Vishnepolsky, Ben Seri and Samy Kamkar discovered that a
malicious website may be able to access restricted ports on
arbitrary servers.
For the stable distribution (buster), these problems have been fixed in
version 2.30.6-1~deb10u1.
We recommend that you upgrade your webkit2gtk packages.
For the detailed security status of webkit2gtk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/webkit2gtk
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmBe0l1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S5hQ/8C2v1zUfBwSGNyQkeH/8SJ4P39FOtLS7uKAsBu24uFgQn0NJ2tITsGU+d
MvPT813PYFND7RRjwch+KVhxfj1py0JzxeizGNJf8B5qocfCLJn/cGzrxIqurxVC
eiwum9x49P9+kCBfiBBz3hTGiaVJa9HdgonauOhlxgVITYDqgE5Z5jTpKaM3lKQv
qa9CIrP0zaGdOVwY9PUMRNCxJ1i90cKNePLaIE/a1R4p7pwa5sR069uu94PGahQx
KDd8w0/3dFeQoQTALhvrkxdKCDgi4GWzCnB1KD2k4lZncPOrx0yGRx8H0lXO+MgN
6+0zg5EaG1bdk4aYoyYKTPIYPRVbJBpg9pisgJ+IL452P1F7zmaUq2vtSZMl7JIN
xwzxuMKAR7letp+Ji7HRb34rex7ni0bIMndDs1sBjesUK1C9c2gRUtj2uhRStS9a
0sqmVjCqGxaXzsKL+5AqJY8VYbPCXvxhoNGHzGA6SdFv/bj8l6FOpsrFguNhpFJ4
6QdvgvFuRo2fYXsfRhosyLH4XXfyf4XZiDC4zX6Z1/Ata4mPJCgbS/aoewEIarm5
Nw426CdjAtefXdeRbRd/VRmZPNriolXlYI11VxhM9xpmw0Ag75jq+meNF3+wi9G0
6m8OoG+6FhUc4UcLv/OiSFHZgy3eTP6wIqa/6FG1gh7wta2+sXM=
=IQ2D
-----END PGP SIGNATURE-----