Apple Security Advisory 2021-05-25-4 - Security Update 2021-003 Catalina addresses bypass, code execution, denial of service, heap corruption, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
9524a5dad710311e201032f67e048422d6a0e4bebce049e523c4d25baffbb535
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-05-25-4 Security Update 2021-003 Catalina
Security Update 2021-003 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212530.
AMD
Available for: macOS Catalina
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
AMD
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
AppleScript
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Audio
Available for: macOS Catalina
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Core Services
Available for: macOS Catalina
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CVMS
Available for: macOS Catalina
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Catalina
Impact: A malicious application may be able to access a user's call
history
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Catalina
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Heimdal
Available for: macOS Catalina
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: Processing maliciously crafted server messages may lead to
heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30743: CFF of Topsec Alpha Team, an anonymous researcher,
and Jeonghoon Shin(@singi21a) of THEORI working with Trend Micro Zero
Day Initiative
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Catalina
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Login Window
Available for: macOS Catalina
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Catalina
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36229
CVE-2020-36225
CVE-2020-36224
CVE-2020-36223
CVE-2020-36227
CVE-2020-36228
CVE-2020-36221
CVE-2020-36222
CVE-2020-36230
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
TCC
Available for: macOS Catalina
Impact: A malicious application may be able to send unauthorized
Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research
Division for their assistance.
CFString
We would like to acknowledge an anonymous researcher for their
assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-
financial TianQiong Security Lab for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9EACgkQZcsbuWJ6
jjD30A//Y8naJNtsWjb81/k7PogzAk9k+9JXaW42pICvHllxSybcOt+hH8p59vsc
UaNjdJOLjkkG0R4yRR0yU9vDlMu+cXmexmhMb8+dQ49PDjOXu4yqFXOUhezohGCP
THgTqgTX5iItY57uF/AQfPpZK1zC39xBPfWbtRVNkzGkHX/OEoI1VheK1gXaZcDv
q35GpiB3N28M+5U0sn4rqhNyQobNltCtAx/EEbDmfT+m7EwSuDYiCuH/bEQM0tzB
dpLAp0w9Tjrz4R/FwyYpZolEUKyNEwHCHRLCg4djWz/cZJvQB4zjXQ6rjkJ0tUPT
Hsb+c7JH/DNFZHD33V1xVEvsZCZNEyozZiRCwe0/yNrS8I5fPUUC7mCBMAIoOnrJ
EqfOOq57M5w0s5IFFBwHWDUuVxW4ZjGjUlqNCcWVnET7iwgen0edfw3b8ErVKyFs
OQkQmoyqaWzNHhcdZ3M7outWMFyVptIK013akfyH1kWjp8SElXq7+bF3eprE/FSI
bqhqLtEFfmolRnHU0XP/wD5BxU1hAjVnnclBE7/R0gda2MlJ1XSHX0gRtrOsmw8K
L8uGTk+xzYL6YXUrH3UBkrytxEpfGrIjvctIc1OOFlN6883nSceWHFCF6v/1UiMJ
ioqUKtHryoL4nRpeepEHQU4VknDa6MFnieEOOpsNdforVJKwdkAƶ1C
-----END PGP SIGNATURE-----