ZMC-2021.12.20.0800

macOS Catalina: Multiple vulnerabilities

Published:

20th December 2021


=========================================================================== 
                         ZMCIRT Vulnerability Bulletin

                             ZMC-2021.12.20.0800
                   macOS Catalina: Multiple vulnerabilities
                               20th December 2021

===========================================================================

Product:           macOS Catalina
Publisher:         Apple
Operating System:  macOS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Permissions              -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-30995 CVE-2021-30990 CVE-2021-30982
                   CVE-2021-30981 CVE-2021-30980 CVE-2021-30979
                   CVE-2021-30977 CVE-2021-30976 CVE-2021-30975
                   CVE-2021-30973 CVE-2021-30971 CVE-2021-30969
                   CVE-2021-30968 CVE-2021-30965 CVE-2021-30963
                   CVE-2021-30961 CVE-2021-30959 CVE-2021-30958
                   CVE-2021-30950 CVE-2021-30949 CVE-2021-30945
                   CVE-2021-30942 CVE-2021-30941 CVE-2021-30940
                   CVE-2021-30939 CVE-2021-30938 CVE-2021-30937
                   CVE-2021-30935 CVE-2021-30931 CVE-2021-30929
                   CVE-2021-30927 CVE-2021-30767 

Reference:         ESB-2021.4260
                   ESB-2021.4262

Original Bulletin: 
   https://support.apple.com/HT212981

--------------------------BEGIN INCLUDED TEXT--------------------

APPLE-SA-2021-12-15-4 Security Update 2021-008 Catalina

Security Update 2021-008 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212981.

Archive Utility
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30950: @gorelics

Bluetooth
Available for: macOS Catalina
Impact: A malicious application may be able to disclose kernel memory
Description: A logic issue was addressed with improved validation.
CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America

Bluetooth
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30935: an anonymous researcher

ColorSync
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue in the processing of ICC
profiles was addressed with improved input validation.
CVE-2021-30942: Mateusz Jurczyk of Google Project Zero

CoreAudio
Available for: macOS Catalina
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

CoreAudio
Available for: macOS Catalina
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab
CVE-2021-30961: an anonymous researcher
CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab

Crash Reporter
Available for: macOS Catalina
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

Graphics Drivers
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-30977: Jack Dates of RET2 Systems, Inc.

Help Viewer
Available for: macOS Catalina
Impact: Processing a maliciously crafted URL may cause unexpected
JavaScript execution from a file on disk
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab, Mickey Jin (@patch1t) of Trend Micro

Intel Graphics Driver
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-30981: an anonymous researcher, Liu Long of Ant Security
Light-Year Lab

IOUSBHostFamily
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: A race condition was addressed with improved locking.
CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America

Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30927: Xinru Chi of Pangu Lab
CVE-2021-30980: Xinru Chi of Pangu Lab

Kernel
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2021-30937: Sergei Glazunov of Google Project Zero

Kernel
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30949: Ian Beer of Google Project Zero

LaunchServices
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved validation.
CVE-2021-30990: Ron Masas of BreakPoint.sh

LaunchServices
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent
Security Xuanwu Lab

Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab

Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro

Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab

Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security

Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security

Preferences
Available for: macOS Catalina
Impact: A malicious application may be able to elevate privileges
Description: A race condition was addressed with improved state
handling.
CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin
(@patch1t)

Sandbox
Available for: macOS Catalina
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: A validation issue related to hard link behavior was
addressed with improved sandbox restrictions.
CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security

Script Editor
Available for: macOS Catalina
Impact: A malicious OSAX scripting addition may bypass Gatekeeper
checks and circumvent sandbox restrictions
Description: This issue was addressed by disabling execution of
JavaScript when viewing a scripting dictionary.
CVE-2021-30975: Ryan Pickren (ryanpickren.com)

TCC
Available for: macOS Catalina
Impact: A local user may be able to modify protected parts of the
file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30767: @gorelics

TCC
Available for: macOS Catalina
Impact: A malicious application may be able to cause a denial of
service to Endpoint Security clients
Description: A logic issue was addressed with improved state
management.
CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security

Wi-Fi
Available for: macOS Catalina
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: This issue was addressed with improved checks.
CVE-2021-30938: Xinru Chi of Pangu Lab

Additional recognition

Admin Framework
We would like to acknowledge Simon Andersen of Aarhus University and
Pico Mitchell for their assistance.

ColorSync
We would like to acknowledge Mateusz Jurczyk of Google Project Zero
for their assistance.

Contacts
We would like to acknowledge Minchan Park (03stin) for their
assistance.

Kernel
We would like to acknowledge Amit Klein of Bar-Ilan University's
Center for Research in Applied Cryptography and Cyber Security for
their assistance.

Model I/O
We would like to acknowledge Rui Yang and Xingwei Lin of Ant Security
Light-Year Lab for their assistance.

Installation note:
This update may be obtained from the Mac App Store

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

--------------------------END INCLUDED TEXT--------------------

ZMCIRT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. ZMCIRT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Internet Email: report@cirt.zm     
Telephone:     7070 
                ZMCIRT personnel answer during Zambian business hours 
                which are 8am to 5pm.
                On call after hours for member emergencies only.
===========================================================================

Copyright @2023 ZAMBIA CIRT