Multiple vulnerabilities in macOS
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 64 |
| CVE-ID | CVE-2021-1810 CVE-2021-1840 CVE-2021-1839 CVE-2021-1868 CVE-2021-1878 CVE-2021-1740 CVE-2021-1739 CVE-2021-1876 CVE-2021-1824 CVE-2021-1875 CVE-2021-30652 CVE-2021-1851 CVE-2021-1808 CVE-2021-1860 CVE-2021-1834 CVE-2021-1843 CVE-2021-1882 CVE-2021-1813 CVE-2020-27942 CVE-2021-1881 CVE-2021-1784 CVE-2021-1811 CVE-2021-1847 CVE-2021-1809 CVE-2021-1857 CVE-2021-1828 CVE-2020-3838 CVE-2021-1873 CVE-2020-8285 CVE-2020-8286 CVE-2020-8037 CVE-2021-1867 CVE-2021-1849 CVE-2021-1853 CVE-2021-30661 CVE-2021-30657 CVE-2021-1846 CVE-2021-30659 CVE-2021-1872 CVE-2021-1883 CVE-2021-1884 CVE-2021-1885 CVE-2021-1814 CVE-2021-30653 CVE-2021-1880 CVE-2021-1841 CVE-2021-30658 CVE-2021-1858 CVE-2021-1855 CVE-2021-1861 CVE-2021-1815 CVE-2021-1859 CVE-2021-30660 CVE-2021-1832 CVE-2021-30655 CVE-2021-1829 CVE-2021-1817 CVE-2021-1820 CVE-2021-1826 CVE-2021-30664 CVE-2020-7463 CVE-2020-8284 CVE-2021-1825 CVE-2021-30745 |
| CWE-ID | CWE-264 CWE-119 CWE-190 CWE-20 CWE-416 CWE-415 CWE-362 CWE-125 CWE-787 CWE-665 CWE-674 CWE-299 CWE-770 CWE-347 CWE-254 CWE-200 CWE-399 CWE-122 CWE-413 CWE-277 CWE-843 CWE-79 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #5 is available. Vulnerability #35 is being exploited in the wild. Vulnerability #36 is being exploited in the wild. |
| Vulnerable software Subscribe |
macOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 64 vulnerabilities.
Updated: 28.04.2021
Added additional information about vulnerabilities, raised risk level of the bulletin to address in the wild exploitation of vulnerabilities #35-59.
Updated: 20.05.2021
Added vulnerability #60-63.
Updated: 21.05.2021
Added vulnerability #64.
1) Security restrictions bypass
EUVDB-ID: #VU52598
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1810
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions within the archiving utility. A local user can bypass Gatekeeper checks and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.15 19A583 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU52620
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1840
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within macOS kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Security restrictions bypass
EUVDB-ID: #VU52631
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1839
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the Time Machine component does not properly impose security restrictions. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Security restrictions bypass
EUVDB-ID: #VU52630
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1868
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the Tailspin component does not properly impose security restrictions. A local user can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer overflow
EUVDB-ID: #VU52628
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-1878
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to integer overflow within the smbx component. A remote attacker on the local network can send specially crafted traffic to the system and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Input validation error
EUVDB-ID: #VU52627
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1740
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The
vulnerability exists due to insufficient validation of directory paths.
A local user can modify protected parts of the filesystem.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.15 19A583 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU52626
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1739
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of directory paths. A local user can modify protected parts of the filesystem.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU52625
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1876
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing web content within the NSRemoteView component. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU52623
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1824
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive
The vulnerability exists due to system does not properly impose security restrictions within the Login Window component in macOS. A malicious application with root privileges can access private information.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.15 19A583 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Double Free
EUVDB-ID: #VU52622
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1875
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a double free error when processing files within the libxslt library. A remote attacker can trick the victim to open a specially crafted file, trigger heap corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Race condition
EUVDB-ID: #VU52621
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30652
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the libxpc library. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU52619
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1851
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within macOS kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU52599
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1808
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Audio component. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds read
EUVDB-ID: #VU52617
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1860
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within macOS kernel. A local user can run a specially crafted program to trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds write
EUVDB-ID: #VU52616
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1834
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Intel Graphics Driver component. A local user can run a specially create program to trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
http://www.zerodayinitiative.com/advisories/ZDI-21-596/
http://www.zerodayinitiative.com/advisories/ZDI-21-595/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU52615
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1843
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the ImageIO component. A remote attacker can create a specially crafted image, trick the victim into opening it and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU52614
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1882
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Foundation component. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with root privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.15 19A583 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Security restrictions bypass
EUVDB-ID: #VU52612
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1813
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the Foundation component does not properly impose security restrictions. A local user can run a specially crafted program to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Race condition
EUVDB-ID: #VU52610
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27942
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system
The vulnerability exists due to a race condition within the FontParser component when processing font files. A remote attacker can create a specially crafted font file, trick the victim to open a specially crafted document or a web page with it, and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 10.15.7 19H524
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Out-of-bounds write
EUVDB-ID: #VU52609
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1881
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing font files within the GetFDIndex function in libFontParser. A remote attacker can create a specially crafted OTF font, trick the victim into a document of a web page with the malicious font, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
http://www.zerodayinitiative.com/advisories/ZDI-21-600/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU52607
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1784
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to system does properly perform ownership checks within the DiskArbitration component. A local user can modify protected parts of the filesystem and escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU52605
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1811
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreText component when processing specially crafted font files. A remote attacker can create a specially crafted font file, trick the victim into opening a document or a web page that contains the malicious font, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Buffer overflow
EUVDB-ID: #VU52604
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1847
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the CoreGraphics component. A remote attacker can create a specially crafted filet, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU52603
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1809
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreAudio component. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Improper Initialization
EUVDB-ID: #VU52600
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1857
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper initialization within the CFNetwork component when processing crafted web content. A remote attacker can trick the victim to open a specially crafted webpage, trigger memory corruption and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.14 18A391 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Buffer overflow
EUVDB-ID: #VU52633
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1828
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the WiF component. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.14.1 18B2107 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Security restrictions bypass
EUVDB-ID: #VU52634
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-3838
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privilege son the system.
The vulnerability exists within the wifivelocityd component. A local user can run a specially crafted application to escalate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.14.1 18B2107 - 10.15.7 19H524
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU52636
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1873
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in the Windows Server component within API implementation, related to
Accessibility TCC permissions. A local user can obtain credentials from secure text fields.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 10.14.1 18B2107 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Uncontrolled Recursion
EUVDB-ID: #VU48894
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8285
CWE-ID:
CWE-674 - Uncontrolled Recursion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due tu uncontrolled recursion when processing FTP responses within the wildcard matching functionality, which allows a callback (set
with <a href="https://curl.se/libcurl/c/CURLOPT_CHUNK_BGN_FUNCTION.html">CURLOPT_CHUNK_BGN_FUNCTION</a>) to return information back to libcurl on
how to handle a specific entry in a directory when libcurl iterates over a
list of all available entries. A remote attacker who controls the malicious FTP server can trick the victim to connect to it and crash the application, which is using the affected libcurl version.
Install update form vendor's website.
macOS: 10.14.1 18B2107 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper Check for Certificate Revocation
EUVDB-ID: #VU48895
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8286
CWE-ID:
CWE-299 - Improper Check for Certificate Revocation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrectly implemented checks for OCSP stapling. A remote attacker can provide a fraudulent OCSP response that would appear fine, instead of the real one.
MitigationInstall update from vendor's website.
macOS: 10.14.1 18B2107 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU48587
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8037
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
MitigationInstall update from vendor's website.
macOS: 10.14.1 18B2107 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU52648
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1867
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input within the Apple Neural Engine component. A local application can trigger an out-of-bounds read and execute arbitrary code on the target system with kernel privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU52647
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1849
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to bypass implemented security restrictions.
The vulnerability exists due to improper signature validation with in the AppleMobileFileIntegrity component. A malicious application can bypass Privacy preferences.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU52646
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1853
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permissions management within the APFS component. A local user can run a specially crafted application to escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use-after-free
EUVDB-ID: #VU52652
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-30661
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing web content within the WebKit Storage component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
36) Security features bypass
EUVDB-ID: #VU52653
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-30657
CWE-ID:
CWE-254 - Security Features
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a logic issue within the Gatekeeper checks. A remote attacker can craft a specially crafted payload that is not checked by Gatekeeper and bypasses File Quarantine and Application Notarization protections as well. As a result, a malicious binary can be executed on the system.
Note, the vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
http://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
37) Out-of-bounds read
EUVDB-ID: #VU52654
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1846
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreAudio component. A remote attacker can create a specially crafted audio file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Information disclosure
EUVDB-ID: #VU52655
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30659
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a validation issue within the CoreFoundation component. A malicious application can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Resource management error
EUVDB-ID: #VU52656
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1872
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources within FaceTime when muting a CallKit call, which results in muting not being enabled while ringing. A remote attacker can eavesdrop on conversation.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Heap-based buffer overflow
EUVDB-ID: #VU52657
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1883
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Heimdal when processing server messages. A remote attacker can trick the user to connect to a malicious server, send a specially crafted message, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Race condition
EUVDB-ID: #VU52658
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1884
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to a race condition in Heimdal. A remote attacker can crash the application.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU52662
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1885
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition within the ImageIO component. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds read
EUVDB-ID: #VU52661
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1814
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ImageIO framework. A remote attacker can create a specially crafted DDS image, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
http://www.zerodayinitiative.com/advisories/ZDI-21-598/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Input validation error
EUVDB-ID: #VU52660
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30653
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the ImageIO component A remote attacker can trick the victim to open a specially crafted image and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Input validation error
EUVDB-ID: #VU52659
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1880
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the ImageIO component A remote attacker can trick the victim to open a specially crafted image and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Out-of-bounds write
EUVDB-ID: #VU52665
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1841
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Intel Graphics Driver component. A local user can run a specially crafted program to trigger out-of-bounds write and execute arbitrary code on the target system with kernel privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Input validation error
EUVDB-ID: #VU52664
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30658
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions
The vulnerability exists due to insufficient validation of user-supplied input within the Installer component when handling metadata. A remote attacker can bypass Gatekeeper checks and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Out-of-bounds read
EUVDB-ID: #VU52663
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1858
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the DecodeRow function in ImageIO. A remote attacker can create a specially crafted KTX image, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
http://www.zerodayinitiative.com/advisories/ZDI-21-599/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Resource management error
EUVDB-ID: #VU52671
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1855
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform unnecessary network connections.
The vulnerability exists due to improper management of internal resources within Safari on macOS. A remote attacker can create a specially crafted website and force unnecessary network connections to fetch its favicon.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Improper Resource Locking
EUVDB-ID: #VU52670
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1861
CWE-ID:
CWE-413 - Improper Resource Locking
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the way cache occupancy is handled in Safari on macOS. A remote attacker can track users on the internet by setting state in a cache.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Input validation error
EUVDB-ID: #VU52669
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1815
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of directory paths. A local user can modify protected parts of the filesystem.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Security restrictions bypass
EUVDB-ID: #VU52668
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1859
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to Locked Notes content can be unexpectedly unlocked. A local user can gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Out-of-bounds read
EUVDB-ID: #VU52667
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30660
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within kernel. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of kernel memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Insecure Inherited Permissions
EUVDB-ID: #VU52666
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1832
CWE-ID:
CWE-277 - Insecure inherited permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the kernel component, as copied files may not have the expected file permissions. A local user can abuse such behavior to elevate privileges on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Security restrictions bypass
EUVDB-ID: #VU52676
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30655
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions within the WiFi component. A local application can execute arbitrary code with system privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Type Confusion
EUVDB-ID: #VU52675
Risk: Medium
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1829
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileged on the system.
The vulnerability exists due to a type confusion error within the WiFi component. A local application can execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Buffer overflow
EUVDB-ID: #VU52674
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1817
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improper Initialization
EUVDB-ID: #VU52673
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1820
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper memory initialization in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it and disclose contents of process memory.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Universal cross-site scripting
EUVDB-ID: #VU52672
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1826
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Out-of-bounds write
EUVDB-ID: #VU53401
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30664
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in CoreAudio component. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Use-after-free
EUVDB-ID: #VU46227
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7463
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when processing SCTP messages. A local user can send large user messages from multiple threads on the same socket., trigger a use-after-free error and crash the system.
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Information disclosure
EUVDB-ID: #VU48893
Risk: Medium
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8284
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way cURL handles PASV responses. A remote attacker with control over malicious FTP server can use the PASV response to trick curl into connecting
back to a given IP address and port, and this way potentially make curl
extract information about services that are otherwise private and not
disclosed, for example doing port scanning and service banner extractions.
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Universal cross-site scripting
EUVDB-ID: #VU52643
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1825
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.2.3 20D91
External linkshttp://support.apple.com/en-us/HT212325
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Type Confusion
EUVDB-ID: #VU53404
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30745
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error within the QuartzCore Framework. A local user can run a specially crafted program to trigger a type confusion error and execute arbitrary code on the system in the context of WindowServer.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 10.15 19A583 - 10.15.7 19H524
External linkshttp://www.zerodayinitiative.com/advisories/ZDI-21-597/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
