SB2021102713 - Multiple vulnerabilities in macOS Monterey




Published: October 27, 2021
Updated: February 13, 2023

Security Bulletin ID: SB2021102713
Severity: High
Patch available: YES
Number of vulnerabilities: 71
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 23%, Medium: 18%, Low: 59%

Description

This security bulletin contains information about 71 security vulnerabilities.


1) State Issues (CVE-ID: CVE-2021-30873)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a state management issue within the AppKit component. A local user can run a specially crafted program to escalate privileges on the system.


2) State Issues (CVE-ID: CVE-2021-30915)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists in the UIKit. An attacker with physical access to the affected system can determine characteristics of a user's password in a secure text entry field and gain unauthorized access to the system.


3) Security restrictions bypass (CVE-ID: CVE-2021-30813)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists in the Login Window implementation. A person with access to a host Mac is able to bypass the Login Window in Remote Desktop for a locked instance of macOS.


4) Out-of-bounds read (CVE-ID: CVE-2021-30910)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Model I/O subsystem. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


5) Out-of-bounds read (CVE-ID: CVE-2021-30911)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


6) Improper access control (CVE-ID: CVE-2021-30920)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to incorrect permissions checks in Sandbox subsystem. A local user can gain access to sensitive information.

7) Race condition (CVE-ID: CVE-2021-30868)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in SMB component. A malicious application can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-30912)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists in SoftwareUpdate subsystem. A local user can gain access to a user's Keychain items and obtain sensitive information.


9) Security restrictions bypass (CVE-ID: CVE-2021-30913)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the SoftwareUpdate subsystem. A malicious application is able to edit the NVRAM variables and gain unauthorized access to the system.


10) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2021-30823)

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists in WebKit. A remote attacker can bypass HSTS and perform a MitM attack.


11) Buffer overflow (CVE-ID: CVE-2021-30916)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the macOS kernel subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.


12) Security restrictions bypass (CVE-ID: CVE-2021-30887)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error within the WebKit component. A remote attacker can trick the victim into opening a specially crafted website and bypass Content Security Policy restrictions.


13) Information disclosure (CVE-ID: CVE-2021-30888)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists in WebKit. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior.


14) Buffer overflow (CVE-ID: CVE-2021-30889)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


15) Security restrictions bypass (CVE-ID: CVE-2021-30861)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper permissions checks in WebKit. A remote attacker can bypass Gatekeeper checks and gain access to sensitive information.


16) Universal Cross-site scripting (CVE-ID: CVE-2021-30890)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


17) Information disclosure (CVE-ID: CVE-2021-30908)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output in the Windows Server component. A local user can view the previous logged-in user’s desktop from the fast user switching screen.


18) Input validation error (CVE-ID: CVE-2021-30833)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing xar archives. A remote attacker can create a specially crafted .xar archive, trick the victim into opening it and overwrite arbitrary files on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.


19) Insecure Inherited Permissions (CVE-ID: CVE-2021-30892)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the zsh component in macOS due to incorrectly inherited permissions. A local user can modify protected parts of the file system.


20) Security restrictions bypass (CVE-ID: CVE-2021-30864)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists in the LaunchServices subsystem. A sandboxed process is able to circumvent sandbox restrictions and gain unauthorized access to the system.


21) Buffer overflow (CVE-ID: CVE-2021-30909)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the macOS kernel subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.


22) Out-of-bounds read (CVE-ID: CVE-2021-30876)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


23) Out-of-bounds read (CVE-ID: CVE-2021-30905)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the CoreAudio subsystem. A remote attacker can create a specially crafted audio file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


24) Out-of-bounds read (CVE-ID: CVE-2021-30879)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


25) Out-of-bounds read (CVE-ID: CVE-2021-30877)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


26) Out-of-bounds read (CVE-ID: CVE-2021-30880)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in AppleScript. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


27) Integer overflow (CVE-ID: CVE-2021-30907)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in the Audio component. A malicious application can trigger integer overflow and execute arbitrary code with elevated privileges.


28) Race condition (CVE-ID: CVE-2021-30899)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a race condition in the Bluetooth subsystem. A malicious application can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


29) Buffer overflow (CVE-ID: CVE-2021-30917)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing ICC profiles in ColorSync subsystem. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


30) Input validation error (CVE-ID: CVE-2021-30903)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Continuity Camera component. A local user can pass specially crafted input to the application and escalate privileges on the system.


31) Out-of-bounds write (CVE-ID: CVE-2021-30919)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error within the CoreGraphics subsystem when processing PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.


32) Use-after-free (CVE-ID: CVE-2021-30886)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macOS kernel. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with kernel privileges.


33) Input validation error (CVE-ID: CVE-2021-30881)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in FileProvider. A remote attacker can trick the victim into opening a specially crafted archive and execute arbitrary code on the system.


34) Information disclosure (CVE-ID: CVE-2021-30895)

The vulnerability allows a malicious application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the Game Center. A malicious application can gain unauthorized access to user's contacts.


35) Information disclosure (CVE-ID: CVE-2021-30896)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the Game Center. A malicious application can gain unauthorized access to user's gameplay data.


36) Security restrictions bypass (CVE-ID: CVE-2021-30906)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permissions checks in iCloud. A local user can bypass security restrictions and escalate privileges on the system.


37) Buffer overflow (CVE-ID: CVE-2021-30824)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Intel Graphics Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.


38) Out-of-bounds write (CVE-ID: CVE-2021-30901)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input in the Intel Graphics Driver. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code on the system with kernel privileges.


39) Buffer overflow (CVE-ID: CVE-2021-30821)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the IOGraphics subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.


40) Integer overflow (CVE-ID: CVE-2021-30883)

The vulnerability allows a malicious application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the IOMobileFrameBuffer subsystem. A malicious application can trigger integer overflow and execute arbitrary code with kernel privileges.

Note, the vulnerability is being actively exploited in the wild.




41) State Issues (CVE-ID: CVE-2021-30924)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to state handling issues within the macOS kernel. A remote attacker can send specially crafted traffic to the system and perform a denial of service (DoS) attack.


42) Information disclosure (CVE-ID: CVE-2021-30931)

The vulnerability allows a local user to read kernel memory.

The vulnerability exists due to a logic error in the Bluetooth subsystem. A local user can read parts of kernel memory.


43) Information disclosure (CVE-ID: CVE-2021-30897)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists in the WebKit specification for the resource timing API. A remote attacker can exfiltrate cross-origin data, if the victim visits a specially crafted website.


44) Race condition (CVE-ID: CVE-2021-30923)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the File System component. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


45) Information disclosure (CVE-ID: CVE-2021-30866)

The vulnerability allows a remote attacker to track users.

The vulnerability exists due to excessive data output in the bootp subsystem, as the daemon broadcasts the user's MAC address. A remote attacker can track users by their WiFi MAC address.


46) State Issues (CVE-ID: CVE-2021-30904)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in iMessage because the software continues to sync even after a successful logout. This leads to messages being sent to the system where the user was previously logged in.


47) State Issues (CVE-ID: CVE-2021-30930)

The vulnerability allows a remote attacker to track users through their IP address.

The vulnerability exists due to a logic issue in WebRTC implementation. A remote attacker can track users through their IP address.


48) Security features bypass (CVE-ID: CVE-2021-30808)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists in Sandbox implementation. A local application can bypass sandbox restrictions and modify protected parts of the file system.


49) Use-after-free (CVE-ID: CVE-2021-30809)

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


50) Buffer overflow (CVE-ID: CVE-2021-30814)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing images within the ImageIO subsystem. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


51) Type Confusion (CVE-ID: CVE-2021-30818)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


52) Out-of-bounds read (CVE-ID: CVE-2021-30831)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the FontParser subsystem. A remote attacker can trick the victim to open a specially crafted website or document, trigger an out-of-bounds read error and read contents of memory on the system.


53) Out-of-bounds read (CVE-ID: CVE-2021-30836)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


54) Buffer overflow (CVE-ID: CVE-2021-30840)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing fonts in the FontParser subsystem. A remote attacker can create a specially crafted document or web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


55) Memory corruption (CVE-ID: CVE-2021-30846)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


56) Memory corruption (CVE-ID: CVE-2021-30848)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


57) Memory corruption (CVE-ID: CVE-2021-30849)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


58) Memory corruption (CVE-ID: CVE-2021-30851)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


59) Type Confusion (CVE-ID: CVE-2021-30852)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in the Foundation subsystem. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


60) Improper Authorization (CVE-ID: CVE-2021-30867)

The vulnerability allows a local application to gain access to restricted functionality.

The vulnerability exists due to improper authorization checks in iCloud Photo Library. A local application without permissions to access photos can access photo metadata.


61) Improper Authorization (CVE-ID: CVE-2021-30874)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists in NetworkExtension subsystem due to missing permissions checks. A local application can install a VPN configuration without having necessary permissions.


62) Information disclosure (CVE-ID: CVE-2021-30884)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists in the WebKit component when processing CSS files. A remote attacker can trick the victim to open a specially crafted website and obtain user's browsing history.


63) Type Confusion (CVE-ID: CVE-2021-31008)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to open a specially crafted webpage, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


64) Security features bypass (CVE-ID: CVE-2021-31005)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists within the "Block all remote content" option in WebKit, which may not apply to all remote content types. A remote attacker can bypass implemented security restrictions.


65) Race condition (CVE-ID: CVE-2021-30933)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in Graphics Drivers. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


66) Race condition (CVE-ID: CVE-2021-31004)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within Security feature. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


67) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-30994)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the App Store does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.


68) Improper access control (CVE-ID: CVE-2020-9846)

The vulnerability allows a malicious application to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the Directory Utility. A local application can access local users' Apple IDs.


69) Buffer overflow (CVE-ID: CVE-2021-30922)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Intel Graphics Driver. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.


70) Out-of-bounds read (CVE-ID: CVE-2021-31002)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary condition in SMB implementation. A local application can trigger an out-of-bounds read error and execute arbitrary code with system privileges.


71) Information disclosure (CVE-ID: CVE-2021-31011)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an unspecified vulnerability in Managed Configuration. A remote attacker on the local network can gain access to sensitive information.


Remediation

Install the update from the vendor's website.