Multiple vulnerabilities in Apple macOS Big Sur



| Updated: 2023-03-25
Risk Critical
Patch available YES
Number of vulnerabilities 32
CVE-ID CVE-2021-30860
CVE-2021-30858
CVE-2021-30845
CVE-2021-30829
CVE-2021-30828
CVE-2021-30827
CVE-2021-30844
CVE-2021-30850
CVE-2021-30859
CVE-2021-30865
CVE-2021-30830
CVE-2021-30853
CVE-2021-30832
CVE-2013-0340
CVE-2021-22925
CVE-2021-30841
CVE-2021-30842
CVE-2021-30843
CVE-2021-30847
CVE-2021-30855
CVE-2021-30857
CVE-2021-30811
CVE-2021-30819
CVE-2021-30834
CVE-2021-30835
CVE-2021-30838
CVE-2021-30864
CVE-2021-30925
CVE-2021-30928
CVE-2021-31010
CVE-2021-30813
CVE-2021-30933
CWE-ID CWE-190
CWE-416
CWE-125
CWE-20
CWE-264
CWE-401
CWE-843
CWE-119
CWE-400
CWE-457
CWE-61
CWE-362
CWE-200
CWE-254
CWE-502
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerability #2 is being exploited in the wild.
Vulnerability #12 is being exploited in the wild.
Vulnerability #30 is being exploited in the wild.
Vulnerable software
macOS
Operating systems & Components / Operating system

Vendor Apple Inc.

Security Bulletin

This security bulletin contains information about 32 vulnerabilities.

Updated: 21.09.2021

Added vulnerabilities #3-21.

Updated: 16.02.2022

Added vulnerabilities #22-29.

1) Integer overflow

EUVDB-ID: #VU56067

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-30860

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim to open a specially crafted PDF file, trigger integer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being active exploited in-the-wild via the FORCEDENTRY tool against Bahraini activists.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Use-after-free

EUVDB-ID: #VU56475

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-30858

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in-the-wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

3) Out-of-bounds read

EUVDB-ID: #VU56747

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30845

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the SMB subsystem. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU56740

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30829

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary files with elevated privileges.

The vulnerability exists due to insufficient validation of user-supplied input while parsing URI in CUPS subsystem. A local user can execute arbitrary files on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56739

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30828

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improperly imposed security restrictions in CUPS subsystem. A local user can read arbitrary files with root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56738

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30827

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improperly imposed security restrictions in CUPS. A local user can execute arbitrary code on the system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU56748

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30844

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack.

The vulnerability exists due memory leak within the SMB subsystem. A local user can force the application to leak memory and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56746

Risk: Low

CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30850

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists within the Sandbox subsystem. A local user can gain access to protected parts of the file system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Type Confusion

EUVDB-ID: #VU56745

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30859

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the OS kernel subsystem. A local user can run a specially crafted application to trigger a type confusion error and execute arbitrary code with kernel privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU56744

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30865

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the OS kernel subsystem. A local user can trigger an out-of-bounds read error and execute arbitrary code with kernel privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Buffer overflow

EUVDB-ID: #VU56743

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30830

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with root privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Security restrictions bypass

EUVDB-ID: #VU56742

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-30853

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists in Gatekeeper  due to improperly imposed security restrictions. A local application can bypass Gatekeeper checks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

13) Use-after-free

EUVDB-ID: #VU56741

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30832

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the CVMServer daemon. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804
http://www.zerodayinitiative.com/advisories/ZDI-22-355/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource exhaustion

EUVDB-ID: #VU42119

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-0340

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows remote attackers to cause a denial of service attack.

The vulnerability exists due to insufficient validation of user-supplied input within the expat library, when processing XML files. A remote attacker can pass specially crafted XML content to the affected library and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use of Uninitialized Variable

EUVDB-ID: #VU55149

Risk: Medium

CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-22925

CWE-ID: CWE-457 - Use of Uninitialized Variable

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU56719

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30841

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing font files within FontParser. A remote attacker can create a specially crafted document or a web page with a malicious font, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU56720

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30842

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing font files within FontParser. A remote attacker can create a specially crafted document or a web page with a malicious font, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Buffer overflow

EUVDB-ID: #VU56722

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30843

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing font files within FontParser. A remote attacker can create a specially crafted document or a web page with a malicious font, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU56723

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30847

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing images within ImageIO. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) UNIX symbolic link following

EUVDB-ID: #VU56726

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30855

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local application to gain access to otherwise restricted functionality.

The vulnerability exists due to a symlink following issue in Preferences. A local application can create a specially crafted symbolic link to a critical file on the system and  access restricted files.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Race condition

EUVDB-ID: #VU56724

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30857

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition with the OS kernel component. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Information disclosure

EUVDB-ID: #VU56715

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30811

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to unspecified error within AppleMobileFileIntegrity. A local application can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU56725

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30819

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing USD images within the Model I/O subsystem. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Input validation error

EUVDB-ID: #VU57729

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30834

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the CoreAudio subsystem. A remote attacker can trick the victim to open a specially crafted audio file and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Buffer overflow

EUVDB-ID: #VU56721

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30835

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing images within ImageIO. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU56716

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30838

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Accessory Manager. A local application can trigger memory corruption and execute arbitrary code with system privileges on devices with an Apple Neural Engine

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Security restrictions bypass

EUVDB-ID: #VU57736

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30864

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists in the LaunchServices subsystem. A sandboxed process is able to circumvent sandbox restrictions and gain unauthorized access to the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Security features bypass

EUVDB-ID: #VU60658

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30925

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to incorrect permissions logic in Sandbox. A malicious application can bypass Privacy preferences and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Buffer overflow

EUVDB-ID: #VU60659

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30928

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing image files in CoreGraphics component. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Deserialization of Untrusted Data

EUVDB-ID: #VU72152

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-31010

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to insecure input validation when processing serialized data within the Core Telephony service. A local application can pass specially crafted data to the service and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

macOS: 11.0 20A2411 - 11.5.2 20G95

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

31) Security restrictions bypass

EUVDB-ID: #VU57737

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30813

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists in the Login Window implementation. A person with access to a host Mac is able to bypass the Login Window in Remote Desktop for a locked instance of macOS.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 11.6 20G165

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Race condition

EUVDB-ID: #VU64925

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30933

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in Graphics Drivers. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

macOS: before 11.6 20G165

CPE2.3 External links

http://support.apple.com/en-us/HT212804


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###