lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <9FA6E692-F63B-4C48-B32B-60B75839C0AF@lists.apple.com>
Date: Tue, 25 May 2021 15:21:23 -0700
From: Apple Product Security via Fulldisclosure <fulldisclosure@...lists.org>
To: security-announce@...ts.apple.com
Subject: [FD] APPLE-SA-2021-05-25-2 macOS Big Sur 11.4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-05-25-2 macOS Big Sur 11.4

macOS Big Sur 11.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212529.

AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America

AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw

App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division

AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann

Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative

Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro

Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)

CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro

Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga

CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate  their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro

Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)

Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab

Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative

Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)

Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)

Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)

ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360

ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security

ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security

ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security

Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing
the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero
Day Initiative

Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team

Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)

Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher

Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)

Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero

Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab

Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security

LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)

Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.

Mail
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
misrepresent application state
Description: A logic issue was addressed with improved state
management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster
University of Applied Sciences

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro

NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)

OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229

PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue with path validation logic for hardlinks was
addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl
(@theevilbit) of Offensive Security

Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub

smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos

smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos

smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos

smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos

smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos

Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass
Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro

SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted
settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security

TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)

TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences. Apple is aware of a report that this issue may have been
actively exploited.
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30713: an anonymous researcher

WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop

WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos

WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath

WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher

WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative

WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)

WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google

Additional recognition

App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.

CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-
financial TianQiong Security Lab for their assistance.

ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.

Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.

WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.

Installation note:

This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9AACgkQZcsbuWJ6
jjDC5g/+P0Hya9smOX6XVhxtnwe+vh2d5zOrKLBymdkvDPGw1UQoGOq08+7eu02Q
vsManS/aP1UKNcMnbALHNFbFXv61ZjWi+71qgGGAQAe3EtYTJchBiIIyOBNIHoOJ
8X9sOeiyFzOOKw+GyVsBMNRL9Oh678USC4qgyyO5u2+Oexehu+6N9YNdAzwZgy6o
muP+NlZ08s80ahRfq/6q8uKj7+Is0k5OEdxpWTnJOoXUDzZPj4Vo7H0HL6zjuqg3
CurJQABF3kDBWgZCvroMU6/HpbilGPE+JUFV7HPfaMe6iE3FsfrOq101w+/ovuNM
hJ3yk/QENoh5BYdHKJo7zPVZBteGX20EVPdWfTsnz6a/hk568A+ICiupFIqwEuQv
esIBWzgab9YUb2fAaZ071Z+lSn0Rj7tm3V/rhdwq19tYD3Q7BqEJ+YxYCH2zvyIB
mP4/NoMpsDiTqFradR8Skac5uwINpZzAHjFyWLj0QVWVMxyQB8EGshR16YPkMryJ
rjGyNIqZPcZ/Z6KJqpvNJrfI+b0oeqFMBUwpwK/7aQFPP/MvsM+UVSySipRiqwoa
WAHMuY4SQwcseok7N6Rf+zAEYm9Nc+YglYpTW2taw6g0vWNIuCbyzPdC/Srrjw98
od2jLahPwyoBg6WBvXoZ6H4YOWFAywf225nYk3l5ATsG6rNbhYk=
=Avma
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ