CVE-2021-30767: About the security content of Security Update 2021-008 Catalina
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system.
Released December 13, 2021
Archive Utility
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.
CVE-2021-30950: @gorelics
Bluetooth
Available for: macOS Catalina
Impact: A malicious application may be able to disclose kernel memory
Description: A logic issue was addressed with improved validation.
CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America
Bluetooth
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30935: an anonymous researcher
ColorSync
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.
CVE-2021-30942: Mateusz Jurczyk of Google Project Zero
CoreAudio
Available for: macOS Catalina
Impact: Playing a malicious audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: macOS Catalina
Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab
CVE-2021-30961: an anonymous researcher
CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter
Available for: macOS Catalina
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
Graphics Drivers
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2021-30977: Jack Dates of RET2 Systems, Inc.
Help Viewer
Available for: macOS Catalina
Impact: Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk
Description: A path handling issue was addressed with improved validation.
CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
Intel Graphics Driver
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2021-30981: an anonymous researcher, Liu Long of Ant Security Light-Year Lab
IOUSBHostFamily
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application termination or heap corruption
Description: A race condition was addressed with improved locking.
CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America
Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30927: Xinru Chi of Pangu Lab
CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption vulnerability was addressed with improved locking.
CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30949: Ian Beer of Google Project Zero
LaunchServices
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved validation.
CVE-2021-30990: Ron Masas of BreakPoint.sh
LaunchServices
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.
CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted file may disclose user information
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security
Preferences
Available for: macOS Catalina
Impact: A malicious application may be able to elevate privileges
Description: A race condition was addressed with improved state handling.
CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Sandbox
Available for: macOS Catalina
Impact: A malicious application may be able to bypass certain Privacy preferences
Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions.
CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security
Script Editor
Available for: macOS Catalina
Impact: A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions
Description: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary.
CVE-2021-30975: Ryan Pickren (ryanpickren.com)
TCC
Available for: macOS Catalina
Impact: A local user may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2021-30767: @gorelics
TCC
Available for: macOS Catalina
Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients
Description: A logic issue was addressed with improved state management.
CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security
Wi-Fi
Available for: macOS Catalina
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: This issue was addressed with improved checks.
CVE-2021-30938: Xinru Chi of Pangu Lab