Headline

CVE-2021-30970: About the security content of macOS Monterey 12.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.

3 years ago

CVE

Open in Source

#vulnerability #web #mac #google #microsoft #dos #java

Released December 13, 2021

Airport

Available for: macOS Monterey

Impact: A device may be passively tracked via BSSIDs

Description: An access issue was addressed with improved access restrictions.

CVE-2021-30987: Jason Meller, Fritz Ifert-Miller, and Joseph Sokol-Margolis of Kolide

Archive Utility

Available for: macOS Monterey

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved state management.

CVE-2021-30950: @gorelics

Audio

Available for: macOS Monterey

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab

Bluetooth

Available for: macOS Monterey

Impact: A device may be passively tracked by its Bluetooth MAC address

Description: A device configuration issue was addressed with an updated configuration.

CVE-2021-30986: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

CFNetwork Proxies

Available for: macOS Monterey

Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations

Description: A logic issue was addressed with improved state management.

CVE-2021-30966: Michal Rajcan of Jamf, Matt Vlasach of Jamf (Wandera)

ColorSync

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

CVE-2021-30926: Jeremy Brown

CVE-2021-30942: Mateusz Jurczyk of Google Project Zero

CoreAudio

Available for: macOS Monterey

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab

CoreAudio

Available for: macOS Monterey

Impact: Playing a malicious audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

Crash Reporter

Available for: macOS Monterey

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Graphics Drivers

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30977: Jack Dates of RET2 Systems, Inc.

ImageIO

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro

Intel Graphics Driver

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30981: Liu Long of Ant Security Light-Year Lab, an anonymous researcher

IOMobileFrameBuffer

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30996: Saar Amar (@AmarSaar)

IOUSBHostFamily

Available for: macOS Monterey

Impact: A remote attacker may be able to cause unexpected application termination or heap corruption

Description: A race condition was addressed with improved locking.

CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

Kernel

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2021-30937: Sergei Glazunov of Google Project Zero

Kernel

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30927: Xinru Chi of Pangu Lab

CVE-2021-30980: Xinru Chi of Pangu Lab

Kernel

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30949: Ian Beer of Google Project Zero

Kernel

Available for: macOS Monterey

Impact: An attacker in a privileged network position may be able to execute arbitrary code

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero

Kernel

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30955: Zweig of Kunlun Lab

LaunchServices

Available for: macOS Monterey

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved state management.

CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

LaunchServices

Available for: macOS Monterey

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved validation.

CVE-2021-30990: Ron Masas of BreakPoint.sh

Model I/O

Available for: macOS Monterey

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security

Model I/O

Available for: macOS Monterey

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security

Model I/O

Available for: macOS Monterey

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

Model I/O

Available for: macOS Monterey

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro

Model I/O

Available for: macOS Monterey

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

Preferences

Available for: macOS Monterey

Impact: A malicious application may be able to elevate privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)

Sandbox

Available for: macOS Monterey

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions.

CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox

Available for: macOS Monterey

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30946: @gorelics

Sandbox

Available for: macOS Monterey

Impact: An application may be able to access a user’s files

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security

Script Editor

Available for: macOS Monterey

Impact: A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions

Description: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary.

CVE-2021-30975: Ryan Pickren (ryanpickren.com)

TCC

Available for: macOS Monterey

Impact: A local user may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved state management.

CVE-2021-30767: @gorelics

TCC

Available for: macOS Monterey

Impact: A malicious application may be able to bypass Privacy preferences

Description: An inherited permissions issue was addressed with additional restrictions.

CVE-2021-30964: Andy Grant of Zoom Video Communications

TCC

Available for: macOS Monterey

Impact: A malicious application may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2021-30970: Jonathan Bar Or of Microsoft

TCC

Available for: macOS Monterey

Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients

Description: A logic issue was addressed with improved state management.

CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security

WebKit

Available for: macOS Monterey