SB2021091319 - Multiple vulnerabilities in Apple macOS Big Sur
Published: September 13, 2021 Updated: March 25, 2023
Description
This security bulletin contains information about 32 security vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2021-30860)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim into opening a specially crafted PDF file, trigger the integer overflow and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild via the FORCEDENTRY tool against Bahraini activists.
2) Use-after-free (CVE-ID: CVE-2021-30858)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
3) Out-of-bounds read (CVE-ID: CVE-2021-30845)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the SMB subsystem. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
4) Input validation error (CVE-ID: CVE-2021-30829)
The vulnerability allows a local user to execute arbitrary files with elevated privileges.
The vulnerability exists due to insufficient validation of user-supplied input while parsing URI in CUPS subsystem. A local user can execute arbitrary files on the system.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-30828)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions in CUPS subsystem. A local user can read arbitrary files with root privileges.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-30827)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions in CUPS. A local user can execute arbitrary code on the system with elevated privileges.
7) Memory leak (CVE-ID: CVE-2021-30844)
The vulnerability allows a local user to perform a DoS attack.
The vulnerability exists due to a memory leak within the SMB subsystem. A local user can force the application to leak memory and perform a denial of service attack.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-30850)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the Sandbox subsystem. A local user can gain access to protected parts of the file system.
9) Type Confusion (CVE-ID: CVE-2021-30859)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error within the OS kernel subsystem. A local user can run a specially crafted application to trigger a type confusion error and execute arbitrary code with kernel privileges.
10) Out-of-bounds read (CVE-ID: CVE-2021-30865)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the OS kernel subsystem. A local user can trigger an out-of-bounds read error and execute arbitrary code with kernel privileges.
11) Buffer overflow (CVE-ID: CVE-2021-30830)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with root privileges.
12) Security restrictions bypass (CVE-ID: CVE-2021-30853)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists in Gatekeeper due to improperly imposed security restrictions. A local application can bypass Gatekeeper checks.
13) Use-after-free (CVE-ID: CVE-2021-30832)
The vulnerability allows a local user to escalate privileges on the system.
14) Resource exhaustion (CVE-ID: CVE-2013-0340)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to insufficient validation of user-supplied input within the expat library, when processing XML files. A remote attacker can pass specially crafted XML content to the affected library and perform a denial of service (DoS) attack.
15) Use of Uninitialized Variable (CVE-ID: CVE-2021-22925)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the use of an uninitialized variable in the code responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under the attacker's control and read up to 1800 bytes from uninitialized memory on the libcurl client system.
16) Buffer overflow (CVE-ID: CVE-2021-30841)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing font files within FontParser. A remote attacker can create a specially crafted document or a web page with a malicious font, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
17) Buffer overflow (CVE-ID: CVE-2021-30842)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing font files within FontParser. A remote attacker can create a specially crafted document or a web page with a malicious font, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
18) Buffer overflow (CVE-ID: CVE-2021-30843)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing font files within FontParser. A remote attacker can create a specially crafted document or a web page with a malicious font, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
19) Buffer overflow (CVE-ID: CVE-2021-30847)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing images within ImageIO. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
20) UNIX symbolic link following (CVE-ID: CVE-2021-30855)
The vulnerability allows a local application to gain access to otherwise restricted functionality.
The vulnerability exists due to a symlink following issue in Preferences. A local application can create a specially crafted symbolic link to a critical file on the system and access restricted files.
21) Race condition (CVE-ID: CVE-2021-30857)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the OS kernel component. A local user can exploit the race to gain unauthorized access to sensitive information and escalate privileges on the system.
22) Information disclosure (CVE-ID: CVE-2021-30811)
The vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to unspecified error within AppleMobileFileIntegrity. A local application can gain unauthorized access to sensitive information on the system.
23) Out-of-bounds read (CVE-ID: CVE-2021-30819)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing USD images within the Model I/O subsystem. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
24) Input validation error (CVE-ID: CVE-2021-30834)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the CoreAudio subsystem. A remote attacker can trick the victim into opening a specially crafted audio file and execute arbitrary code on the system.
25) Buffer overflow (CVE-ID: CVE-2021-30835)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing images within ImageIO. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
26) Buffer overflow (CVE-ID: CVE-2021-30838)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Accessory Manager. A local application can trigger memory corruption and execute arbitrary code with system privileges on devices with an Apple Neural Engine.
27) Security restrictions bypass (CVE-ID: CVE-2021-30864)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists in the LaunchServices subsystem. A sandboxed process is able to circumvent sandbox restrictions and gain unauthorized access to the system.
28) Security features bypass (CVE-ID: CVE-2021-30925)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to incorrect permissions logic in Sandbox. A malicious application can bypass Privacy preferences and gain access to sensitive information.
29) Buffer overflow (CVE-ID: CVE-2021-30928)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing image files in CoreGraphics component. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
30) Deserialization of Untrusted Data (CVE-ID: CVE-2021-31010)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to insecure input validation when processing serialized data within the Core Telephony service. A local application can pass specially crafted data to the service and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
31) Security restrictions bypass (CVE-ID: CVE-2021-30813)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists in the Login Window implementation. A person with access to a host Mac is able to bypass the Login Window in Remote Desktop for a locked instance of macOS.
32) Race condition (CVE-ID: CVE-2021-30933)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in Graphics Drivers. A local user can exploit the race to gain unauthorized access to sensitive information and escalate privileges on the system.
Remediation
Install the update from the vendor's website.
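As an added example that is not part of this bulletin, the following POSIX shell script is the check an administrator would run on a Mac to confirm that the installed macOS version is at or above the build carrying these fixes. The bulletin does not state the fixed version, so the script takes it as an argument (or from the REQUIRED_MACOS_VERSION environment variable) rather than hard-coding one; the function names are mine, and every version string in the comments is a constructed sample, not a value from the bulletin.

```shell
#!/bin/sh
# Added example (not the bulletin's own content): verify that a macOS host
# runs a version at or above the one that contains the fixes listed above.
# The required version is NOT given on this page; supply it from the vendor
# advisory as $1 or via REQUIRED_MACOS_VERSION.

# is_version STRING -> 0 if STRING is a well-formed dotted numeric version
# (e.g. the constructed sample "11.3.1"), 1 otherwise.
is_version() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    return 0
}

# version_ge A B -> 0 if dotted version A >= B, 1 otherwise.
# Missing components count as 0, so "11.4" and "11.4.0" compare equal and
# "11.4" is greater than "11.3.1".
version_ge() {
    v1="$1."; v2="$2."
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        p1=${v1%%.*}; v1=${v1#*.}
        p2=${v2%%.*}; v2=${v2#*.}
        p1=${p1:-0}; p2=${p2:-0}
        if [ "$p1" -gt "$p2" ]; then return 0; fi
        if [ "$p1" -lt "$p2" ]; then return 1; fi
    done
    return 0
}

# patch_status INSTALLED REQUIRED -> prints "patched", "unpatched" or
# "invalid" (malformed input is never silently reported as patched).
patch_status() {
    if ! is_version "$1" || ! is_version "$2"; then
        echo invalid
        return 2
    fi
    if version_ge "$1" "$2"; then echo patched; else echo unpatched; fi
}

# check_host [REQUIRED] -> reads the live product name and version with
# sw_vers (present on macOS only) and prints the patch status for this host.
check_host() {
    required="${1:-$REQUIRED_MACOS_VERSION}"
    if [ -z "$required" ]; then
        echo "usage: check_host <required-version>" >&2
        return 2
    fi
    if ! command -v sw_vers >/dev/null 2>&1; then
        echo "not macOS: sw_vers not found" >&2
        return 2
    fi
    name=$(sw_vers -productName)
    installed=$(sw_vers -productVersion)
    printf '%s %s: %s (required >= %s)\n' \
        "$name" "$installed" "$(patch_status "$installed" "$required")" "$required"
}

# Run the live check only when a required version was passed on the
# command line, e.g.:  sh check_macos.sh <version-from-vendor-advisory>
if [ "$#" -gt 0 ]; then
    check_host "$1"
fi
```

A host on a later major release (for instance a 12.x version) also reports "patched", which is the intended reading: the comparison asks whether the installed build is at or beyond the fixed one, not whether it is a particular Big Sur build. Feed the output into whatever inventory or compliance tooling is in use; the "invalid" status exists so that an empty or garbled version string from a broken host is surfaced rather than counted as fixed.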