SB2021052415 - Multiple vulnerabilities in Apple macOS Big Sur
Published: May 24, 2021 Updated: July 19, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 83 secuirty vulnerabilities.
1) Double Free (CVE-ID: CVE-2020-36225)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the saslAuthzTo processing. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack
2) Type Confusion (CVE-ID: CVE-2020-36229)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in ldap_X509dn2bv when parsing X.509 DN in ad_keystring. A remote attacker can send a specially crafted request to slapd and crash it.
3) Reachable Assertion (CVE-ID: CVE-2020-36230)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when parsing the X.509 DN within the ber_next_element() function in decode.c. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
4) Reachable Assertion (CVE-ID: CVE-2020-36222)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in slapd in the saslAuthzTo validation. A remote attacker can send a specially crafted request and perform a denial of service (DoS) attack.
5) Integer underflow (CVE-ID: CVE-2020-36228)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow when processing the certificate list exact assertion. A remote attacker can send a specially crafted request to the slapd, trigger integer underflow and perform a denial of service (DoS) attack.
6) Integer underflow (CVE-ID: CVE-2020-36221)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow within the serialNumberAndIssuerCheck() function in schema_init.c. A remote attacker can send a specially crafted request to the affected application, trigger an integer underflow and crash the slapd.
7) Release of invalid pointer or reference (CVE-ID: CVE-2020-36224)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to release of an invalid pointer when processing saslAuthzTo requests. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
8) Double Free (CVE-ID: CVE-2020-36223)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error during the Values Return Filter control handling. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack.
9) Infinite loop (CVE-ID: CVE-2020-36227)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in slapd with the cancel_extop Cancel operation. A remote attacker can send a specially crafted request and perform a denial of service conditions.
10) Resource management error (CVE-ID: CVE-2020-36226)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application leading to a memch->bv_len miscalculation during saslAuthzTo processing. A remote attacker can send specially crafted request to the slapd and perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2021-23841)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the X509_issuer_and_serial_hash() function when parsing the issuer field in the X509 certificate. A remote attacker can supply a specially crafted certificate, trigger a NULL pointer dereference error and perform a denial of service (DoS) attack.
12) Input validation error (CVE-ID: CVE-2021-30713)
The vulnerability allows a local user to bypass Privacy preferences.
The vulnerability exists due to insufficient validation of user-supplied input within the TCC subsystem. A malicious application can bypass Privacy preferences and gain full disk access, perform screen recording or gain other permissions without requiring user's explicit consent.
Note, the vulnerability is being actively exploited in the wild by XCSSET malware.
13) Security restrictions bypass (CVE-ID: CVE-2021-30727)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to application does not properly impose security restrictions in Crash reported component. A local application can modify protected parts of the file system.
14) Stack-based buffer overflow (CVE-ID: CVE-2021-30686)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition within the
USACBitstreamReader function in AudioCodecs. A remote attacker can
create a specially crafted LOAS file, trick the victim into opening it,
trigger a stack-based buffer overflow and execute arbitrary code on the system.
15) UNIX symbolic link following (CVE-ID: CVE-2021-30681)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue within the Core Services subsystem. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
16) Out-of-bounds read (CVE-ID: CVE-2021-30685)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the AudioToolboxCore framework in Audio subsystem. A remote attacker can create a specially crafted AAC file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
17) Buffer overflow (CVE-ID: CVE-2021-30707)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Audio subsystem. A remote attacker can create a specially crafted audio file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Security features bypass (CVE-ID: CVE-2021-30669)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a logic error in AppleScript. A local application can bypass Gatekeeper checks.
19) Files or Directories Accessible to External Parties (CVE-ID: CVE-2021-30688)
The vulnerability allows a malicious application to bypass implemented security restrictions.
The vulnerability exists due to improper file path validation within the App Store component. A malicious application can break out of its sandbox.
20) Security restrictions bypass (CVE-ID: CVE-2021-30676)
The vulnerability allows a local user to crash the system or read kernel memory.
The vulnerability exists due to application does not properly impose security restrictions within the AMD subsystem. A local user can trigger the system crash or read kernel memory.
21) Security restrictions bypass (CVE-ID: CVE-2021-30678)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to application does not properly impose security restrictions within the AMD subsystem. A remote attacker can crash the system or execute arbitrary code.
22) Buffer overflow (CVE-ID: CVE-2021-30701)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing image files in ImageIO. A remote attacker can create a specially crafted PICT image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
23) Out-of-bounds read (CVE-ID: CVE-2021-30705)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted ASTC file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
24) Out-of-bounds read (CVE-ID: CVE-2021-30700)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
25) Out-of-bounds read (CVE-ID: CVE-2021-30687)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
26) Use-after-free (CVE-ID: CVE-2021-30683)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Heimdal. A malicious application can trigger use-after-free error and execute arbitrary code with elevated privileges.
27) Buffer overflow (CVE-ID: CVE-2021-30710)
The vulnerability allows a malicious application to disclose sensitive information.
The vulnerability exists due to a boundary error in Heimdal. A malicious application can trigger memory corruption and cause a denial of service or potentially disclose memory contents.
28) Information disclosure (CVE-ID: CVE-2021-30697)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Heimdal. A local user can gain unauthorized access to sensitive user information.
29) Out-of-bounds write (CVE-ID: CVE-2021-30735)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Graphics Drivers. A local user can trigger memory corruption and execute arbitrary code with kernel privileges.
30) Buffer overflow (CVE-ID: CVE-2021-30684)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Graphics Drivers. A remote attacker can execute arbitrary code on the system.
31) Security restrictoins bypass (CVE-ID: CVE-2021-30673)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to application does not properly impose security restrictions in Dock component. A local application can bypass security restrictions and access user's call history.
32) Security restrictoins bypass (CVE-ID: CVE-2021-30724)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in CVMS. A local user can bypass security restrictions and escalate privileges on the system.
33) Out-of-bounds write (CVE-ID: CVE-2021-30726)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Intel Graphics Driver. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code on the target system with kernel privileges.
34) Out-of-bounds write (CVE-ID: CVE-2021-30728)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Intel Graphics Driver. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code on the target system with kernel privileges.
35) Out-of-bounds read (CVE-ID: CVE-2021-30719)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Intel Graphics Driver. A local user can run a specially crafted program to trigger an out-of-bounds read error and read contents of kernel memory on the system.
36) Security restrictions bypass (CVE-ID: CVE-2021-30679)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists in the NSOpenPanel due to application does not properly impose security restrictions. A local application can escalate privileges on the system.
37) Out-of-bounds write (CVE-ID: CVE-2021-30693)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Model I/O. A remote attacker can create a specially crafted image file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
38) Out-of-bounds write (CVE-ID: CVE-2021-30725)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Model I/O. A remote attacker can create a specially crafted USD file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
39) Out-of-bounds read (CVE-ID: CVE-2021-30709)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
40) Out-of-bounds read (CVE-ID: CVE-2021-30708)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
41) Out-of-bounds read (CVE-ID: CVE-2021-30695)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
42) Out-of-bounds read (CVE-ID: CVE-2021-30746)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
43) Out-of-bounds read (CVE-ID: CVE-2021-30694)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
44) Out-of-bounds read (CVE-ID: CVE-2021-30692)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
45) Out-of-bounds read (CVE-ID: CVE-2021-30691)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
46) Out-of-bounds read (CVE-ID: CVE-2021-30723)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
47) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2021-30696)
The vulnerability allows a remote attacker to perform MitM attack.
the vulnerability exists die to a logic issue in the Mail component. A remote attacker on the local network can perform MitM attack.
48) Security features bypass (CVE-ID: CVE-2021-30702)
The vulnerability allows a local attacker to bypass Login Window.
The vulnerability exists due to a logical issue in the Login Window. A local attacker with physical access to the system can bypass the Login Windows protection screen and gain unauthorized access to the system.
49) Security features bypass (CVE-ID: CVE-2021-30677)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a logic issue in LaunchServices. A local application can break out of its sandbox.
50) Security features bypass (CVE-ID: CVE-2021-30680)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists in the Kext Management subsystem. A local user can load unsigned kernel extensions.
51) Buffer overflow (CVE-ID: CVE-2021-30739)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in OS kernel subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
52) Buffer overflow (CVE-ID: CVE-2021-30736)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in OS kernel subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
53) Input validation error (CVE-ID: CVE-2021-30715)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in OS Kernel subsystem. A remote attacker can send a specially crafted message to he system and perform a denial of service (DoS) attack.
54) Security restrictions bypass (CVE-ID: CVE-2021-30704)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management in OS Kernel subsystem. A local user can execute arbitrary code on the system with kernel privileges.
55) Security restrictions bypass (CVE-ID: CVE-2021-30740)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management in OS Kernel subsystem. A local user can execute arbitrary code on the system with kernel privileges.
56) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-30671)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper permissions management in TCC. A local application can send unauthorized Apple events to Finder.
57) Improper access control (CVE-ID: CVE-2021-30718)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Software Update component. A local user can modify restricted settings.
58) Security features bypass (CVE-ID: CVE-2021-30668)
The vulnerability allows a local attacker to bypass the Login Window.
The vulnerability exists in the Software Update component. An attacker with physical access to the system can bypass the Login Windows during software update and gain unauthorized access to the system.
59) Information disclosure (CVE-ID: CVE-2021-30722)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in smbx. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
60) Input validation error (CVE-ID: CVE-2021-30721)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input when processing paths in smbx. A remote attacker on the local network can pass specially crafted input to the application and gain access to sensitive information.
61) Buffer overflow (CVE-ID: CVE-2021-30712)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in smbx. A remote attacker on the local network can send specially crafted data to the application, trigger memory corruption and execute arbitrary code on the system.
62) Buffer overflow (CVE-ID: CVE-2021-30717)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in smbx. A remote attacker on the local network can send specially crafted data to the application, trigger memory corruption and execute arbitrary code on the system.
63) Input validation error (CVE-ID: CVE-2021-30716)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in smbx. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
64) Buffer overflow (CVE-ID: CVE-2021-30737)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the ASN.1 decoder when processing TLS certificates. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption with a specially crafted TLS certificate and execute arbitrary code on the system.
65) UNIX Hard Link (CVE-ID: CVE-2021-30738)
The vulnerability allows a local application to overwrite arbitrary files.
The vulnerability exists due to path validation logic for hardlinks in PackageKit. A local application can overwrite arbitrary files on the system.
66) NULL pointer dereference (CVE-ID: CVE-2021-30698)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in webRTC. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
67) Security features bypass (CVE-ID: CVE-2021-30720)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists in WebKit due to the way the component handles links to internal resources. A remote attacker can create a specially crafted web page and trick the application to connect to arbitrary internal addresses.
68) Buffer overflow (CVE-ID: CVE-2021-30734)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web oage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
69) Buffer overflow (CVE-ID: CVE-2021-30749)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within the KeyframeEffect class in WebKit. A remote attacker can create a specially crafted web oage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
70) Universal cross-site scripting (CVE-ID: CVE-2021-30689)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
71) Information disclosure (CVE-ID: CVE-2021-30682)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in webKit. A remote attacker can gain unauthorized access to sensitive user information.
72) Use-after-free (CVE-ID: CVE-2021-21779)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
73) Universal cross-site scripting (CVE-ID: CVE-2021-30744)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
74) Security features bypass (CVE-ID: CVE-2021-30751)
The vulnerability allows a malicious application to bypass implemented security restrictions.
The vulnerability exists in the Sandbox feature. A malicious application can bypass certain Privacy preferences and gain access to sensitive information.
75) Out-of-bounds write (CVE-ID: CVE-2021-30771)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in FontParser component. A remote attacker can create a specially crafted document with an embedded malicious TTF font file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
76) Out-of-bounds read (CVE-ID: CVE-2021-30755)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the FontParser component. A remote attacker can create a specially crafted document with an embedded malicious font file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
77) Out-of-bounds read (CVE-ID: CVE-2021-30753)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreText subsystem when processing fonts. A remote attacker can create a specially crafted document with an embedded malicious font file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
78) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-30756)
The vulnerability allows a attacker to escalate privileges on the system.
The vulnerability exists due to improper permission check in the in Now Playing feature within the MediaRemote subsystem. An attacker with physical access to the system can observe Now Playing information from the lock screen.
79) Buffer overflow (CVE-ID: CVE-2021-30672)
The vulnerability allows a local application to escalate privilege son the system.
The vulnerability exists due to a boundary error within Bluetooth implementation. A local application can trigger memory corruption and execute arbitrary code on the target system with root privileges.
80) Double Free (CVE-ID: CVE-2021-30703)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel subsystem. A local user can trigger a double free error and execute arbitrary code with kernel privileges.
81) Out-of-bounds read (CVE-ID: CVE-2021-30706)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ImageIO framework. A remote attacker can create a specially crafted WEBP file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
82) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-30731)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions within the IOUSBHostFamily. A local unprivileged application can capture USB devices.
83) Out-of-bounds read (CVE-ID: CVE-2021-30733)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within CoreText. A remote attacker can create a specially crafted font file, trick the victim into opening it, trigger out-of-bounds read error and read contents of process memory.
Remediation
Install update from vendor's website.
References
- https://support.apple.com/en-us/HT212529
- https://www.zerodayinitiative.com/advisories/ZDI-21-756/
- https://www.zerodayinitiative.com/advisories/ZDI-21-757/
- https://www.zerodayinitiative.com/advisories/ZDI-21-765/
- https://www.zerodayinitiative.com/advisories/ZDI-21-785/
- https://www.zerodayinitiative.com/advisories/ZDI-21-792/
- https://www.zerodayinitiative.com/advisories/ZDI-21-793/
- https://www.zerodayinitiative.com/advisories/ZDI-21-769/
- https://www.zerodayinitiative.com/advisories/ZDI-21-794/
- https://www.zerodayinitiative.com/advisories/ZDI-21-770/
- https://www.zerodayinitiative.com/advisories/ZDI-21-763/
- https://www.zerodayinitiative.com/advisories/ZDI-21-795/
- https://www.zerodayinitiative.com/advisories/ZDI-21-766/
- https://www.zerodayinitiative.com/advisories/ZDI-21-767/
- https://www.zerodayinitiative.com/advisories/ZDI-21-764/
- https://www.zerodayinitiative.com/advisories/ZDI-21-791/
- https://www.zerodayinitiative.com/advisories/ZDI-21-762/
- https://www.zerodayinitiative.com/advisories/ZDI-21-760/
- https://www.zerodayinitiative.com/advisories/ZDI-21-759/
- https://www.zerodayinitiative.com/advisories/ZDI-21-796/
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1268
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1269
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1258
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1260
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1263
- https://www.zerodayinitiative.com/advisories/ZDI-21-790/
- https://www.zerodayinitiative.com/advisories/ZDI-21-761/
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1238
- https://www.zerodayinitiative.com/advisories/ZDI-22-377/