Apple Security Advisory 2021-05-25-3 - Security Update 2021-004 Mojave addresses bypass, code execution, denial of service, heap corruption, information leakage, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
776008bfbdb46c0bcd65cacb835a4914ca1905855f39711dfc2b2c16dd497aa5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-05-25-3 Security Update 2021-004 Mojave
Security Update 2021-004 Mojave addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212531.
AMD
Available for: macOS Mojave
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-30676: shrek_wzw
AMD
Available for: macOS Mojave
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30678: Yu Wang of Didi Research America
apache
Available for: macOS Mojave
Impact: Multiple issues in apache
Description: Multiple issues in apache were addressed by updating
apache to version 2.4.46.
CVE-2021-30690: an anonymous researcher
AppleScript
Available for: macOS Mojave
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30669: Yair Hoffmann
Core Services
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CVMS
Available for: macOS Mojave
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Heimdal
Available for: macOS Mojave
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Mojave
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Mojave
Impact: Processing maliciously crafted server messages may lead to
heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Mojave
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Mojave
Impact: A malicious application could execute arbitrary code leading
to compromise of user information
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Mojave
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Mojave
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Mojave
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
Kernel
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher
Login Window
Available for: macOS Mojave
Impact: A person with physical access to a Mac may be able to bypass
Login Window
Description: A logic issue was addressed with improved state
management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Mojave
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable
code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Mojave
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36229
CVE-2020-36225
CVE-2020-36224
CVE-2020-36223
CVE-2020-36227
CVE-2020-36228
CVE-2020-36221
CVE-2020-36222
CVE-2020-36230
smbx
Available for: macOS Mojave
Impact: An attacker in a privileged network position may be able to
perform denial of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Mojave
Impact: An attacker in a privileged network position may be able to
execute arbitrary code
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Mojave
Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Mojave
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Mojave
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
Additional recognition
CFString
We would like to acknowledge an anonymous researcher for their
assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-
financial TianQiong Security Lab for their assistance.
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9EACgkQZcsbuWJ6
jjCFWg//YnTAv0f31A5ILv6tAFsMOLCqe5qfpGEqQDktx5kNmnZVQxck0yAEPVH4
SghKtTTE0t6KXne94QcnEntdgoMG+EgsvBqBzCxpJtjxArwxQHqL/slnfIKKTSg7
8+PIQALwJDOLrtxzf6X0VY0fT3tElYcq8qrrYrqQgXCn8C3bKvO/42wwdVCDOTmD
kft0PhZkHa1GyJ+RuPAv+Y9KVrTy2dYX6hGMbiFpJ2il0My+CgdvJc4QO4P7kObk
nProKc8zdsNAXTMHX1s0tfR8MFwnNquJT6/KV/FHeby1rbT3CK4zd6x64dIq4KVi
j4Spubs5/TT4ji926R3xm5W3MkOegJiB9S2Rjy5LU/JMyV+BM9VBEZ6upK0y4+l6
tHCdhf90Kwt82zQYBE1o3nCBAPhWz9rk91kuPl1YstvLzBrdujmXRtLgcQVW2F+e
NLCtyx1/WUUi2WR5VWiz9AMBl8QjBWXuGvmR+ToBK/m6T8km4lp6V74mbCj1OyKg
0wHf0oh0KNZRCrtR2PoIvBZnC+KxcdH4QVqKPePYzr+CYnWnA6TDV5yXWITVYLQA
x74LPPpDML/yc9TLgWxNTTMuEflG+riGTO3Oet3iB1SFsobbAqWlfZqIklBHgyQe
f62TlXzjqJWuFBzlhQ0weK8EbgDQWoRiJM3xnpO2HnM2nRQvWfs=t1cR
-----END PGP SIGNATURE-----