var-202108-1290
Vulnerability from variot
This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions. apple's Apple Mac OS X and macOS Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-12-15-4 Security Update 2021-008 Catalina
Security Update 2021-008 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212981.
Archive Utility Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30950: @gorelics
Bluetooth Available for: macOS Catalina Impact: A malicious application may be able to disclose kernel memory Description: A logic issue was addressed with improved validation. CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America
Bluetooth Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30935: an anonymous researcher
ColorSync Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. CVE-2021-30942: Mateusz Jurczyk of Google Project Zero
CoreAudio Available for: macOS Catalina Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: macOS Catalina Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab CVE-2021-30961: an anonymous researcher CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter Available for: macOS Catalina Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
Graphics Drivers Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30977: Jack Dates of RET2 Systems, Inc.
Help Viewer Available for: macOS Catalina Impact: Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk Description: A path handling issue was addressed with improved validation. CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30981: an anonymous researcher, Liu Long of Ant Security Light-Year Lab
IOUSBHostFamily Available for: macOS Catalina Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: A race condition was addressed with improved locking. CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America
Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero
LaunchServices Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved validation. CVE-2021-30990: Ron Masas of BreakPoint.sh
LaunchServices Available for: macOS Catalina Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab
Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab
Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro
Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may disclose memory contents Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab
Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security
Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security
Preferences Available for: macOS Catalina Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Sandbox Available for: macOS Catalina Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30975: Ryan Pickren (ryanpickren.com)
TCC Available for: macOS Catalina Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics
TCC Available for: macOS Catalina Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients Description: A logic issue was addressed with improved state management. CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security
Wi-Fi Available for: macOS Catalina Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: This issue was addressed with improved checks. CVE-2021-30938: Xinru Chi of Pangu Lab
Additional recognition
Admin Framework We would like to acknowledge Simon Andersen of Aarhus University and Pico Mitchell for their assistance.
ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.
Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.
Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.
Model I/O We would like to acknowledge Rui Yang and Xingwei Lin of Ant Security Light-Year Lab for their assistance.
Installation note: This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UncACgkQeC9qKD1p rhjGSBAAoeUkEMVuTZr0ZVlGyC5t9WhyhwA61KTb175rNIYhcZcIXHrNyNZjoSem +clW2k6Cjr4p9pc9aP7JLT47C+FKTQ1zh2FujC2OOsCXm2Wl8hJWS7FIYwpjEXrx ZtklOX826rmYIXrQ4YJhpDgwiIjA8bL8oiRHIA3jz3ZcWsSIg8aFJos+8hkSE7zc dvDnhKTBA02u9TkCMR5Wr+jTnWWT6qyKj99WYxdRlVPkNNOHQC0AldYSkItHCdtg xEx5/3T4zTi1AqCikb1avzPhKSgFHQyZ9BSxVHkcGIo4bgK4Wxlmb6I2/qi9PB6E dJMbwsXKtFxY25GzYbPMeTDeIXeF2wBWfgwUau6kkL77xUXrQZjxh3K2goxnkuid ZRWMhmXZ38NcnkLgYVB8mN3db2/hcgi8+G682Z9EKyzUWpQz+szpZ8pxuIVGcTPV visbanyF6jfLrWrIgrRPfPini/hph51BGZuo2+2aQis/ULgtfvMGTvbirIjP0fa/ AatIMHkYm9EgvjWLLoaFUWMEIAsbkC/YUe3SLVti9h+3Z+jQ+Wbu+6vQhgKHFdC/ cnqcvYCLL/Ltx1ukw4GJD/e+I8F2eY5aRpMxDd4FCjLW2BVxm+JJE+CXcG54HHXX +TY9buDFMorLtIjGaCnQf/5cUo/K2ExhFT8689VkdkPUI8VCBAQ=EWN0 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1290",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "12.0 that\u0027s all 12.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "11.0 that\u0027s all 11.6.2"
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021144"
},
{
"db": "NVD",
"id": "CVE-2021-30975"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "165357"
}
],
"trust": 0.1
},
"cve": "CVE-2021-30975",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30975",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-390708",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-30975",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30975",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30975",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-30975",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2100",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-390708",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390708"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021144"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2100"
},
{
"db": "NVD",
"id": "CVE-2021-30975"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions. apple\u0027s Apple Mac OS X and macOS Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-12-15-4 Security Update 2021-008 Catalina\n\nSecurity Update 2021-008 Catalina addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212981. \n\nArchive Utility\nAvailable for: macOS Catalina\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30950: @gorelics\n\nBluetooth\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC\nRiverside, and Yu Wang of Didi Research America\n\nBluetooth\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30935: an anonymous researcher\n\nColorSync\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue in the processing of ICC\nprofiles was addressed with improved input validation. \nCVE-2021-30942: Mateusz Jurczyk of Google Project Zero\n\nCoreAudio\nAvailable for: macOS Catalina\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: macOS Catalina\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab\nCVE-2021-30961: an anonymous researcher\nCVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: macOS Catalina\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nGraphics Drivers\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-30977: Jack Dates of RET2 Systems, Inc. \n\nHelp Viewer\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted URL may cause unexpected\nJavaScript execution from a file on disk\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nImageIO\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nIntel Graphics Driver\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-30981: an anonymous researcher, Liu Long of Ant Security\nLight-Year Lab\n\nIOUSBHostFamily\nAvailable for: macOS Catalina\nImpact: A remote attacker may be able to cause unexpected application\ntermination or heap corruption\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC\nRiverside, and Yu Wang of Didi Research America\n\nKernel\nAvailable for: macOS Catalina\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nLaunchServices\nAvailable for: macOS Catalina\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30990: Ron Masas of BreakPoint.sh\n\nLaunchServices\nAvailable for: macOS Catalina\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent\nSecurity Xuanwu Lab\n\nModel I/O\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab\n\nModel I/O\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab\nCVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab\n\nModel I/O\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted file may disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security\n\nModel I/O\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security\n\nPreferences\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30975: Ryan Pickren (ryanpickren.com)\n\nTCC\nAvailable for: macOS Catalina\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to cause a denial of\nservice to Endpoint Security clients\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security\n\nWi-Fi\nAvailable for: macOS Catalina\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2021-30938: Xinru Chi of Pangu Lab\n\nAdditional recognition\n\nAdmin Framework\nWe would like to acknowledge Simon Andersen of Aarhus University and\nPico Mitchell for their assistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nModel I/O\nWe would like to acknowledge Rui Yang and Xingwei Lin of Ant Security\nLight-Year Lab for their assistance. \n\nInstallation note:\nThis update may be obtained from the Mac App Store\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UncACgkQeC9qKD1p\nrhjGSBAAoeUkEMVuTZr0ZVlGyC5t9WhyhwA61KTb175rNIYhcZcIXHrNyNZjoSem\n+clW2k6Cjr4p9pc9aP7JLT47C+FKTQ1zh2FujC2OOsCXm2Wl8hJWS7FIYwpjEXrx\nZtklOX826rmYIXrQ4YJhpDgwiIjA8bL8oiRHIA3jz3ZcWsSIg8aFJos+8hkSE7zc\ndvDnhKTBA02u9TkCMR5Wr+jTnWWT6qyKj99WYxdRlVPkNNOHQC0AldYSkItHCdtg\nxEx5/3T4zTi1AqCikb1avzPhKSgFHQyZ9BSxVHkcGIo4bgK4Wxlmb6I2/qi9PB6E\ndJMbwsXKtFxY25GzYbPMeTDeIXeF2wBWfgwUau6kkL77xUXrQZjxh3K2goxnkuid\nZRWMhmXZ38NcnkLgYVB8mN3db2/hcgi8+G682Z9EKyzUWpQz+szpZ8pxuIVGcTPV\nvisbanyF6jfLrWrIgrRPfPini/hph51BGZuo2+2aQis/ULgtfvMGTvbirIjP0fa/\nAatIMHkYm9EgvjWLLoaFUWMEIAsbkC/YUe3SLVti9h+3Z+jQ+Wbu+6vQhgKHFdC/\ncnqcvYCLL/Ltx1ukw4GJD/e+I8F2eY5aRpMxDd4FCjLW2BVxm+JJE+CXcG54HHXX\n+TY9buDFMorLtIjGaCnQf/5cUo/K2ExhFT8689VkdkPUI8VCBAQ=EWN0\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30975"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021144"
},
{
"db": "VULHUB",
"id": "VHN-390708"
},
{
"db": "VULMON",
"id": "CVE-2021-30975"
},
{
"db": "PACKETSTORM",
"id": "165357"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30975",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "165357",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021144",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021121431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4265",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2100",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-390708",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30975",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390708"
},
{
"db": "VULMON",
"id": "CVE-2021-30975"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021144"
},
{
"db": "PACKETSTORM",
"id": "165357"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2100"
},
{
"db": "NVD",
"id": "CVE-2021-30975"
}
]
},
"id": "VAR-202108-1290",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390708"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:46:20.680000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212979 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT212978"
},
{
"title": "Apple macOS Big Sur Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176609"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021144"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390708"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021144"
},
{
"db": "NVD",
"id": "CVE-2021-30975"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht212979"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212978"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212981"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30975"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121431"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4265"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165357/apple-security-advisory-2021-12-15-4.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30969"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30938"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30935"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30950"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30941"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30963"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30965"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30973"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30931"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30959"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212981."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30940"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390708"
},
{
"db": "VULMON",
"id": "CVE-2021-30975"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021144"
},
{
"db": "PACKETSTORM",
"id": "165357"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2100"
},
{
"db": "NVD",
"id": "CVE-2021-30975"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390708"
},
{
"db": "VULMON",
"id": "CVE-2021-30975"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021144"
},
{
"db": "PACKETSTORM",
"id": "165357"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2100"
},
{
"db": "NVD",
"id": "CVE-2021-30975"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390708"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30975"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021144"
},
{
"date": "2021-12-17T19:19:44",
"db": "PACKETSTORM",
"id": "165357"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2100"
},
{
"date": "2021-08-24T19:15:23.167000",
"db": "NVD",
"id": "CVE-2021-30975"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-390708"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30975"
},
{
"date": "2024-07-18T01:46:00",
"db": "JVNDB",
"id": "JVNDB-2021-021144"
},
{
"date": "2021-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2100"
},
{
"date": "2023-11-07T03:34:09.190000",
"db": "NVD",
"id": "CVE-2021-30975"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Apple\u00a0Mac\u00a0OS\u00a0X\u00a0 and \u00a0macOS\u00a0 Fraud related to unauthorized authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021144"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2100"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.