-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-12-15-3 macOS Big Sur 11.6.2

macOS Big Sur 11.6.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212979.

Archive Utility
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30950: @gorelics

Bluetooth
Available for: macOS Big Sur
Impact: A malicious application may be able to disclose kernel memory
Description: A logic issue was addressed with improved validation.
CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America

Bluetooth
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30935: an anonymous researcher

ColorSync
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue in the processing of ICC
profiles was addressed with improved input validation.
CVE-2021-30942: Mateusz Jurczyk of Google Project Zero

CoreAudio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab
CVE-2021-30961: an anonymous researcher
CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab

CoreAudio
Available for: macOS Big Sur
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

Crash Reporter
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-30977: Jack Dates of RET2 Systems, Inc.

Help Viewer
Available for: macOS Big Sur
Impact: Processing a maliciously crafted URL may cause unexpected
JavaScript execution from a file on disk
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab, Mickey Jin (@patch1t) of Trend Micro

Intel Graphics Driver
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-30981: Liu Long of Ant Security Light-Year Lab, an anonymous
researcher

IOUSBHostFamily
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: A race condition was addressed with improved locking.
CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America

Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30927: Xinru Chi of Pangu Lab
CVE-2021-30980: Xinru Chi of Pangu Lab

Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2021-30937: Sergei Glazunov of Google Project Zero

Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30949: Ian Beer of Google Project Zero

LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved validation.
CVE-2021-30990: Ron Masas of BreakPoint.sh

LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent
Security Xuanwu Lab

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security

Preferences
Available for: macOS Big Sur
Impact: A malicious application may be able to elevate privileges
Description: A race condition was addressed with improved state
handling.
CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin
(@patch1t)

Sandbox
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: A validation issue related to hard link behavior was
addressed with improved sandbox restrictions.
CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox
Available for: macOS Big Sur
Impact: An application may be able to access a user's files
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30946: @gorelics

Script Editor
Available for: macOS Big Sur
Impact: A malicious OSAX scripting addition may bypass Gatekeeper
checks and circumvent sandbox restrictions
Description: This issue was addressed by disabling execution of
JavaScript when viewing a scripting dictionary.
CVE-2021-30975: Ryan Pickren (ryanpickren.com)

TCC
Available for: macOS Big Sur
Impact: A local user may be able to modify protected parts of the
file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30767: @gorelics

TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences
Description: A logic issue was addressed with improved state
management.
CVE-2021-30970: Jonathan Bar Or of Microsoft

TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to cause a denial of
service to Endpoint Security clients
Description: A logic issue was addressed with improved state
management.
CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security

Wi-Fi
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: This issue was addressed with improved checks.
CVE-2021-30938: Xinru Chi of Pangu Lab

Additional recognition

Admin Framework
We would like to acknowledge Simon Andersen of Aarhus University and
Pico Mitchell for their assistance.

ColorSync
We would like to acknowledge Mateusz Jurczyk of Google Project Zero
for their assistance.

Contacts
We would like to acknowledge Minchan Park (03stin) for their
assistance.

Kernel
We would like to acknowledge Amit Klein of Bar-Ilan University's
Center for Research in Applied Cryptography and Cyber Security for
their assistance.

Model I/O
We would like to acknowledge Rui Yang and Xingwei Lin of Ant Security
Light-Year Lab for their assistance.

Installation note:
This update may be obtained from the Mac App Store

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UncACgkQeC9qKD1p
rhi3ZA/+JN0mQCWghikUr8/kK9kNAz6FtHO3M5yvyXXQkArAQBmaTk5aaSpsEDi1
KrE+khCjp7N1eGTHrJ2L6q35X+2UEZZUGC/Uic7Dt/CKoQvkTyfGKCHMIhTxF6O8
JGRIz1+wKCXq8lADs29Q1rRg0TkfaIcbCiKI0YMNWgGWBVuXy5LBq/6EvZ2f8Vhe
kvDB46D27C9xHgbCq+ihmVdE6iwAVfVYYOh22uP2lGkT6a1jKI6iifkPl/tuiiVy
ZWRLWUJwa3HOdAzy511MSjdnj9RBsI4TYJa4QW+Urn8N4sf9wlrU+5Ng+Yfob4U7
n1G2g2V3o3CQpInl+L7CQN44oFYy9UMmuQGtWd3AqcUbTASuoYcV7P6Hz9X5Akwo
buASJcsVBbsCCcFGu8OCygvM3ro44D7uG0vPy65BBTVxgiEyUtSuEE8Gti930zC0
FbBgIQk0W2rvBZiEh+stl/87XrIso18oW7k2D5gmkud6TWqK83JxS8Dmd8Rs1uGW
Jc2f7enQyN3OQ2MqcU2aYPdV9+QoEq4Hn29xlct99Vq8lcSwp+rtrP7ZgF3MqVRB
Dku4o5Xeh3JngTn1si+lk7X1xVX8DHPnV/k0ZUuCB6TJOLUkdye8ezoLpmkf6Nq/
Q5LC4KIwz9JVMON1ZArO58EMBJXKrA8doxHAxZBOBJxBJQqEltQŠfg
-----END PGP SIGNATURE-----