===================================================================== CERT-Renater Note d'Information No. 2021/VULN378 _____________________________________________________________________ DATE : 22/07/2021 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): macOS versions prior to Big Sur 11.5. ===================================================================== https://support.apple.com/HT212602 _____________________________________________________________________ APPLE-SA-2021-07-21-2 macOS Big Sur 11.5 macOS Big Sur 11.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212602. AMD Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2021-30805: ABC Research s.r.o AppKit Available for: macOS Big Sur Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day Initiative Audio Available for: macOS Big Sur Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30781: tr3e AVEVideoEncoder Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30748: George Nosenko CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: macOS Big Sur Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A logic issue was addressed with improved validation. CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab CoreGraphics Available for: macOS Big Sur Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A race condition was addressed with improved state handling. CVE-2021-30786: ryuzaki CoreServices Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: This issue was addressed with improved checks. CVE-2021-30772: Zhongcheng Li (CK01) CoreServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improved access restrictions. CVE-2021-30783: Ron Waisberg (@epsilan) CoreStorage Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: An injection issue was addressed with improved validation. CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc CoreText Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team Crash Reporter Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2021-30774: Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications dyld Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved validation. CVE-2021-30768: Linus Henze (pinauten.de) FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2021-30760: Sunglin of Knownsec 404 team FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative Identity Services Available for: macOS Big Sur Impact: A malicious application may be able to access a user?s recent Contacts Description: A permissions issue was addressed with improved validation. CVE-2021-30803: Csaba Fitzl (@theevilbit) of Offensive Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2021-30787: Anonymous working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30766: Liu Long of Ant Security Light-Year Lab CVE-2021-30765: Liu Long of Ant Security Light-Year Lab IOKit Available for: macOS Big Sur Impact: A local attacker may be able to execute code on the Apple T2 Security Chip Description: Multiple issues were addressed with improved logic. CVE-2021-30784: George Nosenko Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab Kext Management Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed with improved entitlements. CVE-2021-30778: Csaba Fitzl (@theevilbit) of Offensive Security libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-3518 Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved validation. CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30792: Anonymous working with Trend Micro Zero Day Initiative Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30791: Anonymous working with Trend Micro Zero Day Initiative Sandbox Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved checks. CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-30758: Christoph Guttandin of Media Codings WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30795: Sergei Glazunov of Google Project Zero WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to code execution Description: This issue was addressed with improved checks. CVE-2021-30797: Ivan Fratric of Google Project Zero WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30799: Sergei Glazunov of Google Project Zero Additional recognition configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. CoreText We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance. crontabs We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Spotlight We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Installation note: This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================