Multiple vulnerabilities in macOS



| Updated: 2023-10-28
Risk Critical
Patch available YES
Number of vulnerabilities 64
CVE-ID CVE-2021-1810
CVE-2021-1840
CVE-2021-1839
CVE-2021-1868
CVE-2021-1878
CVE-2021-1740
CVE-2021-1739
CVE-2021-1876
CVE-2021-1824
CVE-2021-1875
CVE-2021-30652
CVE-2021-1851
CVE-2021-1808
CVE-2021-1860
CVE-2021-1834
CVE-2021-1843
CVE-2021-1882
CVE-2021-1813
CVE-2020-27942
CVE-2021-1881
CVE-2021-1784
CVE-2021-1811
CVE-2021-1847
CVE-2021-1809
CVE-2021-1857
CVE-2021-1828
CVE-2020-3838
CVE-2021-1873
CVE-2020-8285
CVE-2020-8286
CVE-2020-8037
CVE-2021-1867
CVE-2021-1849
CVE-2021-1853
CVE-2021-30661
CVE-2021-30657
CVE-2021-1846
CVE-2021-30659
CVE-2021-1872
CVE-2021-1883
CVE-2021-1884
CVE-2021-1885
CVE-2021-1814
CVE-2021-30653
CVE-2021-1880
CVE-2021-1841
CVE-2021-30658
CVE-2021-1858
CVE-2021-1855
CVE-2021-1861
CVE-2021-1815
CVE-2021-1859
CVE-2021-30660
CVE-2021-1832
CVE-2021-30655
CVE-2021-1829
CVE-2021-1817
CVE-2021-1820
CVE-2021-1826
CVE-2021-30664
CVE-2020-7463
CVE-2020-8284
CVE-2021-1825
CVE-2021-30745
CWE-ID CWE-264
CWE-119
CWE-190
CWE-20
CWE-416
CWE-415
CWE-362
CWE-125
CWE-787
CWE-665
CWE-674
CWE-299
CWE-770
CWE-347
CWE-254
CWE-200
CWE-399
CWE-122
CWE-413
CWE-277
CWE-843
CWE-79
Exploitation vector Network
Public exploit Public exploit code for vulnerability #5 is available.
Vulnerability #35 is being exploited in the wild.
Vulnerability #36 is being exploited in the wild.
Vulnerable software
macOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains information about 64 vulnerabilities.

Updated: 28.04.2021

Added additional information about vulnerabilities, raised risk level of the bulletin to address in the wild exploitation of vulnerabilities #35-59.

Updated: 20.05.2021

Added vulnerability #60-63.

Updated: 21.05.2021

Added vulnerability #64.

1) Security restrictions bypass

EUVDB-ID: #VU52598

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1810

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions within the archiving utility. A local user can bypass Gatekeeper checks and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU52620

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1840

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within macOS kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU52631

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1839

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the Time Machine component does not properly impose security restrictions. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Security restrictions bypass

EUVDB-ID: #VU52630

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1868

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the Tailspin component does not properly impose security restrictions. A local user can escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU52628

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-1878

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to integer overflow within the smbx component. A remote attacker on the local network can send specially crafted traffic to the system and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Input validation error

EUVDB-ID: #VU52627

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1740

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of directory paths. A local user can modify protected parts of the filesystem.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU52626

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1739

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of directory paths. A local user can modify protected parts of the filesystem.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU52625

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1876

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing web content within the NSRemoteView component. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU52623

Risk: Low

CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1824

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive

The vulnerability exists due to system does not properly impose security restrictions within the Login Window component in macOS. A malicious application with root privileges can access private information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Double Free

EUVDB-ID: #VU52622

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1875

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a double free error when processing files within the libxslt library. A remote attacker can trick the victim to open a specially crafted file, trigger heap corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Race condition

EUVDB-ID: #VU52621

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30652

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the libxpc library. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU52619

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1851

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within macOS kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU52599

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1808

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the Audio component. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Out-of-bounds read

EUVDB-ID: #VU52617

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1860

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within macOS kernel. A local user can run a specially crafted program to trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds write

EUVDB-ID: #VU52616

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1834

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Intel Graphics Driver component. A local user can run a specially create program to trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
http://www.zerodayinitiative.com/advisories/ZDI-21-596/
http://www.zerodayinitiative.com/advisories/ZDI-21-595/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Input validation error

EUVDB-ID: #VU52615

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1843

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the ImageIO component. A remote attacker can create a specially crafted image, trick the victim into opening it and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU52614

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1882

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Foundation component. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Security restrictions bypass

EUVDB-ID: #VU52612

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1813

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the Foundation component does not properly impose security restrictions. A local user can run a specially crafted program to escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Race condition

EUVDB-ID: #VU52610

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27942

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system

The vulnerability exists due to a race condition within the FontParser component when processing font files. A remote attacker can create a specially crafted font file, trick the victim to open a specially crafted document or a web page with it, and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 10.15.7 19H524

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds write

EUVDB-ID: #VU52609

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1881

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing font files within the GetFDIndex function in libFontParser. A remote attacker can create a specially crafted OTF font, trick the victim into a document of a web page with the malicious font, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327
http://www.zerodayinitiative.com/advisories/ZDI-21-600/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU52607

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1784

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to system does properly perform ownership checks within the DiskArbitration component. A local user can modify protected parts of the filesystem and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Out-of-bounds read

EUVDB-ID: #VU52605

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1811

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the CoreText component when processing specially crafted font files. A remote attacker can create a specially crafted font file, trick the victim into opening a document or a web page that contains the malicious font, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU52604

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1847

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the CoreGraphics component. A remote attacker can create a specially crafted filet, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Out-of-bounds read

EUVDB-ID: #VU52603

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1809

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the CoreAudio component. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper Initialization

EUVDB-ID: #VU52600

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1857

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper initialization within the CFNetwork component when processing crafted web content. A remote attacker can trick the victim to open a specially crafted webpage, trigger memory corruption and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14 18A391 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU52633

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1828

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WiF component. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14.1 18B2107 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Security restrictions bypass

EUVDB-ID: #VU52634

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3838

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privilege son the system.

The vulnerability exists within the wifivelocityd component. A local user can run a specially crafted application to escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14.1 18B2107 - 10.15.7 19H524

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU52636

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1873

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists in the Windows Server component within API implementation, related to
Accessibility TCC permissions. A local user can obtain credentials from secure text fields.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.14.1 18B2107 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Uncontrolled Recursion

EUVDB-ID: #VU48894

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8285

CWE-ID: CWE-674 - Uncontrolled Recursion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due tu uncontrolled recursion when processing FTP responses within the wildcard matching functionality, which allows a callback (set with <a href="https://curl.se/libcurl/c/CURLOPT_CHUNK_BGN_FUNCTION.html">CURLOPT_CHUNK_BGN_FUNCTION</a>) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. A remote attacker who controls the malicious FTP server can trick the victim to connect to it and crash the application, which is using the affected libcurl version.

Mitigation

Install update form vendor's website.

Vulnerable software versions

macOS: 10.14.1 18B2107 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper Check for Certificate Revocation

EUVDB-ID: #VU48895

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8286

CWE-ID: CWE-299 - Improper Check for Certificate Revocation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrectly implemented checks for OCSP stapling. A remote attacker can provide a fraudulent OCSP response that would appear fine, instead of the real one.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.14.1 18B2107 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Allocation of Resources Without Limits or Throttling

EUVDB-ID: #VU48587

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8037

CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 10.14.1 18B2107 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212326
http://support.apple.com/en-us/HT212325
http://support.apple.com/en-us/HT212327


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU52648

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1867

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input within the Apple Neural Engine component. A local application can trigger an out-of-bounds read and execute arbitrary code on the target system with kernel privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU52647

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1849

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a malicious application to bypass implemented security restrictions.

The vulnerability exists due to improper signature validation with in the AppleMobileFileIntegrity component. A malicious application can bypass Privacy preferences.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU52646

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1853

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permissions management within the APFS component. A local user can run a specially crafted application to escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use-after-free

EUVDB-ID: #VU52652

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-30661

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing web content within the WebKit Storage component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

36) Security features bypass

EUVDB-ID: #VU52653

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-30657

CWE-ID: CWE-254 - Security Features

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a logic issue within the Gatekeeper checks. A remote attacker can craft a specially crafted payload that is not checked by Gatekeeper and bypasses File Quarantine and Application Notarization protections as well. As a result, a malicious binary can be executed on the system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325
http://cedowens.medium.com/macos-gatekeeper-bypass-2021-edition-5256a2955508


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

37) Out-of-bounds read

EUVDB-ID: #VU52654

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1846

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the CoreAudio component. A remote attacker can create a specially crafted audio file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Information disclosure

EUVDB-ID: #VU52655

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30659

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a validation issue within the CoreFoundation component. A malicious application can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Resource management error

EUVDB-ID: #VU52656

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1872

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper management of internal resources within FaceTime when muting a CallKit call, which results in muting not being enabled while ringing. A remote attacker can eavesdrop on conversation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Heap-based buffer overflow

EUVDB-ID: #VU52657

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1883

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Heimdal when processing server messages. A remote attacker can trick the user to connect to a malicious server, send a specially crafted message, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Race condition

EUVDB-ID: #VU52658

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1884

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a race condition in Heimdal. A remote attacker can crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Out-of-bounds read

EUVDB-ID: #VU52662

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1885

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary condition within the ImageIO component. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds read

EUVDB-ID: #VU52661

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1814

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ImageIO framework. A remote attacker can create a specially crafted DDS image, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325
http://www.zerodayinitiative.com/advisories/ZDI-21-598/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Input validation error

EUVDB-ID: #VU52660

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30653

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the ImageIO component A remote attacker can trick the victim to open a specially crafted image and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Input validation error

EUVDB-ID: #VU52659

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1880

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the ImageIO component A remote attacker can trick the victim to open a specially crafted image and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Out-of-bounds write

EUVDB-ID: #VU52665

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1841

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Intel Graphics Driver component. A local user can run a specially crafted program to trigger out-of-bounds write and execute arbitrary code on the target system with kernel privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Input validation error

EUVDB-ID: #VU52664

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30658

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions

The vulnerability exists due to insufficient validation of user-supplied input within the Installer component when handling metadata. A remote attacker can bypass Gatekeeper checks and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Out-of-bounds read

EUVDB-ID: #VU52663

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1858

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the DecodeRow function in ImageIO. A remote attacker can create a specially crafted KTX image, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325
http://www.zerodayinitiative.com/advisories/ZDI-21-599/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Resource management error

EUVDB-ID: #VU52671

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1855

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform unnecessary network connections.

The vulnerability exists due to improper management of internal resources within Safari on macOS. A remote attacker can create a specially crafted website and force unnecessary network connections to fetch its favicon.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper Resource Locking

EUVDB-ID: #VU52670

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1861

CWE-ID: CWE-413 - Improper Resource Locking

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the way cache occupancy is handled in Safari on macOS. A remote attacker can track users on the internet by setting state in a cache.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Input validation error

EUVDB-ID: #VU52669

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1815

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of directory paths. A local user can modify protected parts of the filesystem.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Security restrictions bypass

EUVDB-ID: #VU52668

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1859

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to Locked Notes content can be unexpectedly unlocked. A local user can gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Out-of-bounds read

EUVDB-ID: #VU52667

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30660

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within kernel. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of kernel memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Insecure Inherited Permissions

EUVDB-ID: #VU52666

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1832

CWE-ID: CWE-277 - Insecure inherited permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists within the kernel component, as copied files may not have the expected file permissions. A local user can abuse such behavior to elevate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Security restrictions bypass

EUVDB-ID: #VU52676

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30655

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions within the WiFi component. A local application can execute arbitrary code with system privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Type Confusion

EUVDB-ID: #VU52675

Risk: Medium

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1829

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileged on the system.

The vulnerability exists due to a type confusion error within the WiFi component. A local application can execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Buffer overflow

EUVDB-ID: #VU52674

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1817

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Improper Initialization

EUVDB-ID: #VU52673

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1820

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to improper memory initialization in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it and disclose contents of process memory.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Universal cross-site scripting

EUVDB-ID: #VU52672

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1826

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Out-of-bounds write

EUVDB-ID: #VU53401

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30664

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in CoreAudio component. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use-after-free

EUVDB-ID: #VU46227

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7463

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error when processing SCTP messages. A local user can send large user messages from multiple threads on the same socket., trigger a use-after-free error and crash the system.


Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Information disclosure

EUVDB-ID: #VU48893

Risk: Medium

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8284

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way cURL handles PASV responses. A remote attacker with control over malicious FTP server can use the PASV response to trick curl into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Universal cross-site scripting

EUVDB-ID: #VU52643

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1825

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.2.3 20D91

CPE2.3 External links

http://support.apple.com/en-us/HT212325


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Type Confusion

EUVDB-ID: #VU53404

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30745

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the QuartzCore Framework. A local user can run a specially crafted program to trigger a type confusion error and execute arbitrary code on the system in the context of WindowServer.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 10.15 19A583 - 10.15.7 19H524

CPE2.3 External links

http://www.zerodayinitiative.com/advisories/ZDI-21-597/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###