This script will create a zip file exploiting CVE-2021-1810 by creating a directory hierarchy deep enough for Archive Utility to fail setting quarantine attributes on certain files while also making some path names long enough to prevent Safari automating unzipping from unpacking the archive. Finally, the script will create a symbolic link at the top level, making the zip file appear like a normal app bundle zip file.
27f01873128025928ef40392c54869c04de239ae765903eac4c672f993c9065b
Apple Security Advisory 2021-04-26-3 - Security Update 2021-002 Catalina addresses buffer overflow, bypass, code execution, denial of service, double free, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
9fb4794f7521059a8704f973e8f3f52c8d67eaf416db339cd80d4855e58d63e0
Apple Security Advisory 2021-04-26-2 - macOS Big Sur 11.3 addresses buffer overflow, bypass, code execution, cross site scripting, denial of service, double free, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
680d89257590bf8337b86839a16e2efaa29641b68a2b8ac21e5d767c4ad06b2e