=====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN457
_____________________________________________________________________

DATE                : 14/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): macOS Big Sur versions prior to 11.6,
                     macOS Catalina.

=====================================================================
https://support.apple.com/en-us/HT212804
https://support.apple.com/en-us/HT212805
_____________________________________________________________________


macOS Big Sur 11.6

Released September 13, 2021


CoreGraphics

Available for: macOS Big Sur

Impact: Processing a maliciously crafted PDF may lead to arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited.

Description: An integer overflow was addressed with improved input
validation.

CVE-2021-30860: The Citizen Lab


WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary
code execution. Apple is aware of a report that this issue may have been
actively exploited.

Description: A use after free issue was addressed with improved memory
management.

CVE-2021-30858: an anonymous researcher


Information about products not manufactured by Apple, or independent
websites not controlled or tested by Apple, is provided without
recommendation or endorsement. Apple assumes no responsibility with
regard to the selection, performance, or use of third-party websites or
products. Apple makes no representations regarding third-party website
accuracy or reliability. Contact the vendor for additional information.


Published Date: September 13, 2021

_______________________________________________________________________


Security Update 2021-005 Catalina

Released September 13, 2021

CoreGraphics

Available for: macOS Catalina

Impact: Processing a maliciously crafted PDF may lead to arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited.

Description: An integer overflow was addressed with improved input
validation.

CVE-2021-30860: The Citizen Lab

Information about products not manufactured by Apple, or independent
websites not controlled or tested by Apple, is provided without
recommendation or endorsement. Apple assumes no responsibility with
regard to the selection, performance, or use of third-party websites or
products. Apple makes no representations regarding third-party website
accuracy or reliability. Contact the vendor for additional information.


Published Date: September 13, 2021

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================