exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apple Security Advisory 2021-07-21-4

Apple Security Advisory 2021-07-21-4
Posted Jul 23, 2021
Authored by Apple | Site apple.com

Apple Security Advisory 2021-07-21-4 - Security Update 2021-005 Mojave addresses code execution, double free, information leakage, integer overflow, out of bounds read, and out of bounds write vulnerabilities.

tags | advisory, overflow, vulnerability, code execution
systems | apple
advisories | CVE-2021-30672, CVE-2021-30677, CVE-2021-30703, CVE-2021-30733, CVE-2021-30759, CVE-2021-30760, CVE-2021-30765, CVE-2021-30766, CVE-2021-30777, CVE-2021-30780, CVE-2021-30781, CVE-2021-30782, CVE-2021-30783, CVE-2021-30787, CVE-2021-30788, CVE-2021-30790, CVE-2021-30793, CVE-2021-30796, CVE-2021-30799, CVE-2021-30805
SHA-256 | e21f56d5a667fcc5ff7b65c8716a46a90e4fa303e50daa8548cf0fc30181d8d7

Apple Security Advisory 2021-07-21-4

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-07-21-4 Security Update 2021-005 Mojave

Security Update 2021-005 Mojave addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212603.

AMD Kernel
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30805: ABC Research s.r.o

AppKit
Available for: macOS Mojave
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day
Initiative

Audio
Available for: macOS Mojave
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30781: tr3e

Bluetooth
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30672: say2 of ENKI

CoreStorage
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: An injection issue was addressed with improved
validation.
CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video
Communications and Gary Nield of ECSC Group plc

CoreText
Available for: macOS Mojave
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30733: Sunglin from the Knownsec 404

CVMS
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video
Communications

FontParser
Available for: macOS Mojave
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30760: Sunglin of Knownsec 404 team

FontParser
Available for: macOS Mojave
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day
Initiative

FontParser
Available for: macOS Mojave
Impact: Processing a maliciously crafted tiff file may lead to a
denial-of-service or potentially disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative

Intel Graphics Driver
Available for: macOS Mojave
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: This issue was addressed with improved checks.
CVE-2021-30787: Anonymous working with Trend Micro Zero Day
Initiative

Intel Graphics Driver
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30765: Liu Long of Ant Security Light-Year Lab
CVE-2021-30766: Liu Long of Ant Security Light-Year Lab

Kernel
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A double free issue was addressed with improved memory
management.
CVE-2021-30703: an anonymous researcher

Kernel
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab

LaunchServices
Available for: macOS Mojave
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)

LaunchServices
Available for: macOS Mojave
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30783: Ron Waisberg (@epsilan)

Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved validation.
CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro

Sandbox
Available for: macOS Mojave
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved checks.
CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security

WebKit
Available for: macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30799: Sergei Glazunov of Google Project Zero

Additional recognition

configd
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

CoreServices
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.

CoreText
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for
their assistance.

crontabs
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

IOKit
We would like to acknowledge George Nosenko for their assistance.

Spotlight
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

Installation note:

This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8gACgkQZcsbuWJ6
jjAFqw//aRrp4GJSvgT+hScSa6eEABeqAhFgN5tnuRq5i08PpnrHvHqzTHK/Mt14
XEC1ki6Vzhe68ngSqGwLllEv1UjMZ2BkCCNQWse5RmkPvjwXO815SjZyJuVWwVdf
t4zlfFaMKS/kzxugIMUD6auYUKGaqV3FJYvWYBStvbdv5veu1zuEH5d7MxeQ/A8X
32oM7I1anDUEC7yRjT4yV567ameQElIiv+plLgyQwvK4DcRCNPvpdq+7wLgnoeXU
WYFUOVsJkzFy1oOnVUmX/DQgoYW7jbZzN2+rnPRcYMl+VqpQDP0leefMOTY2OPlR
CAbJD7N67UZwC/e4PKIv6Q5q+ajqsnqo9MOmmB8kbVHn9aIU2Z52FxIv7fM58cA0
OQOYcngSHboz1q2JMjhBm+RJWy67B/1W6F/TOklbdMTlIlF/e3EkL/kpx0Svvpco
zCOv1KeS4NO/gxijkLxuZzMhFzj3Gl+hMBwwVARIR4TbvKX0oqiHetGL0ImnHVKy
P+AXZwvqSHdV9XOxz2BQoSaeMxTNfwp+TIIttbLPU8no8uUcJKgPx5fp/+nnWjrd
IPCBc0JG9f41nbx/WlVFIaBZ0idS6c5g9zxDyBI1xaxbF0LPG3ID3sx589Nj5+wL
/p8WfH/o9nv7psvQMO8PgzQ+orSZo5LOBAq1rFzwOKGPZaYNeKc=gcuI
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close