var-202109-0332
Vulnerability from variot
An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user's credentials from secure text fields. macOS Exists in unspecified vulnerabilities.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: macOS: 10.14.1 18b2107, 10.14.1 18b3094, 10.14.3 18d43, 10.14.3 18d109, 10.14.4 18e227, 10.14.6 18g87, 10.14.6 18g95, 10.14.14 2, 18g1 .6 18g2022 , 10.14.6 18g3020 , 10.14.6 18g4032 , 10.14.6 18g5033 , 10.14.6 18g6032 , 10.14.6 18g6042 , 10.14.6 18g7016 , 10.14.6 18g8022 , 10.15 19a583 , 10.15 19a602 , 10.15 19a603 , 10.15. 1 19b88, 10.15.2 19c57, 10.15.3 19d76, 10.15.4. Information about the security content is also available at https://support.apple.com/HT212327.
APFS Available for: macOS Mojave Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann
Audio Available for: macOS Mojave Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Available for: macOS Mojave Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher
CoreAudio Available for: macOS Mojave Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics Available for: macOS Mojave Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University
CoreText Available for: macOS Mojave Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
curl Available for: macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx
curl Available for: macOS Mojave Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher
DiskArbitration Available for: macOS Mojave Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. CVE-2021-1784: Csaba Fitzl (@theevilbit) of Offensive Security, an anonymous researcher, and Mikko Kenttälä (@Turmio_) of SensorFu
FontParser Available for: macOS Mojave Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin of Trend Micro
FontParser Available for: macOS Mojave Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27942: an anonymous researcher
Foundation Available for: macOS Mojave Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga
ImageIO Available for: macOS Mojave Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1843: Ye Zhang of Baidu Security
Intel Graphics Driver Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Intel Graphics Driver Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Intel Graphics Driver Available for: macOS Mojave Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Kernel Available for: macOS Mojave Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr
Kernel Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-1851: @0xalsr
Kernel Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
libxpc Available for: macOS Mojave Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins
libxslt Available for: macOS Mojave Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz
NSRemoteView Available for: macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome
Preferences Available for: macOS Mojave Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
smbx Available for: macOS Mojave Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com)
Tailspin Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications
tcpdump Available for: macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher
Time Machine Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc
Wi-Fi Available for: macOS Mojave Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
wifivelocityd Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1873: an anonymous researcher
Installation note:
This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO2EACgkQZcsbuWJ6 jjBHBhAAmHYbcREaaxOXQwrb56He+ool1GyXUCGknHRnEO6Ik0nyE/GeUPuv8Y/Q /ywr188mv3ehtjFlXWpHtqwOn0KoNlAlcE+jy9r3QGTxNmBM2z30FeC0wiYYEi7s I5xWkZIcnO1jq2CMGVHHfbLhyLnkWblwWvCOWriCRzbTocEWgEqwrh/uguTVRWB4 oVo8+uHcdiS2gqS0LIMbbvP6SGkfPwVlL8Mr/e96xdditiRbZX01GkAm0l5ezYHt xrs8378fmQK3su4dHrkHpFpTmT3Yib8Jtotat8cgu6lWxLGEFR5kOye4QIjFCl/a UhnR52nlMyYlh4anbqUs7PAh2QDVa3scaRfGTdAogPfaZIAhaaiuj8qXUOsAxEhk rf0TOXmgCDfhuaA08Ys43sgUgunPLOa2+jMT4VspLZxDTkWLDrGFjlM4P5643WrT ITAKLoqq8SOhce6gd3VECvG+EK/fBWrdwzsVDzfxU3yW3kSCKxX25KcRePwJZAAu s1ZZpIZdY7rmi1DwafNSig2dncjUZJy6AhiI5w6cpQzBOQVioU8oac2JDi1X2Rn1 k/D3VQfmYas7HGqUSwx3MUx+yybktm+8Ogo+vtcRKCzUF5t13bwpyAda0mJ62c6L I/ISWomRdC4XX3AQL5EJLzO9slpOBqWsbQb0cULdt+mb4H+nLDE= =NZ77 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-0332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.6"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.3"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.14"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "mac os x",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013577"
},
{
"db": "NVD",
"id": "CVE-2021-1873"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1959"
}
],
"trust": 0.8
},
"cve": "CVE-2021-1873",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-1873",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-376533",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2021-1873",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-1873",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-1873",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-1873",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-1959",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-376533",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376533"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013577"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1959"
},
{
"db": "NVD",
"id": "CVE-2021-1873"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user\u0027s credentials from secure text fields. macOS Exists in unspecified vulnerabilities.Information may be obtained. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The following products and versions are affected: macOS: 10.14.1 18b2107, 10.14.1 18b3094, 10.14.3 18d43, 10.14.3 18d109, 10.14.4 18e227, 10.14.6 18g87, 10.14.6 18g95, 10.14.14 2, 18g1 .6 18g2022 , 10.14.6 18g3020 , 10.14.6 18g4032 , 10.14.6 18g5033 , 10.14.6 18g6032 , 10.14.6 18g6042 , 10.14.6 18g7016 , 10.14.6 18g8022 , 10.15 19a583 , 10.15 19a602 , 10.15 19a603 , 10.15. 1 19b88, 10.15.2 19c57, 10.15.3 19d76, 10.15.4. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212327. \n\nAPFS\nAvailable for: macOS Mojave\nImpact: A local user may be able to read arbitrary files\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1797: Thomas Tempelmann\n\nAudio\nAvailable for: macOS Mojave\nImpact: An application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork\nAvailable for: macOS Mojave\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1857: an anonymous researcher\n\nCoreAudio\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab\n\nCoreGraphics\nAvailable for: macOS Mojave\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1847: Xuwei Liu of Purdue University\n\nCoreText\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab\n\ncurl\nAvailable for: macOS Mojave\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2020-8285: xnynx\n\ncurl\nAvailable for: macOS Mojave\nImpact: An attacker may provide a fraudulent OCSP response that would\nappear valid\nDescription: This issue was addressed with improved checks. \nCVE-2020-8286: an anonymous researcher\n\nDiskArbitration\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A permissions issue existed in DiskArbitration. This was\naddressed with additional ownership checks. \nCVE-2021-1784: Csaba Fitzl (@theevilbit) of Offensive Security, an\nanonymous researcher, and Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu\n\nFontParser\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous\nresearcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey\nJin of Trend Micro\n\nFontParser\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-27942: an anonymous researcher\n\nFoundation\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-1813: Cees Elzinga\n\nImageIO\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1843: Ye Zhang of Baidu Security\n\nIntel Graphics Driver\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nIntel Graphics Driver\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nIntel Graphics Driver\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nKernel\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1860: @0xalsr\n\nKernel\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1851: @0xalsr\n\nKernel\nAvailable for: macOS Mojave\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nlibxpc\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-30652: James Hutchins\n\nlibxslt\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2021-1875: Found by OSS-Fuzz\n\nNSRemoteView\nAvailable for: macOS Mojave\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1876: Matthew Denton of Google Chrome\n\nPreferences\nAvailable for: macOS Mojave\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nsmbx\nAvailable for: macOS Mojave\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-1878: Aleksandar Nikolic of Cisco Talos\n(talosintelligence.com)\n\nTailspin\nAvailable for: macOS Mojave\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1868: Tim Michaud of Zoom Communications\n\ntcpdump\nAvailable for: macOS Mojave\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-8037: an anonymous researcher\n\nTime Machine\nAvailable for: macOS Mojave\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications\nand Gary Nield of ECSC Group plc\n\nWi-Fi\nAvailable for: macOS Mojave\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nwifivelocityd\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1873: an anonymous researcher\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO2EACgkQZcsbuWJ6\njjBHBhAAmHYbcREaaxOXQwrb56He+ool1GyXUCGknHRnEO6Ik0nyE/GeUPuv8Y/Q\n/ywr188mv3ehtjFlXWpHtqwOn0KoNlAlcE+jy9r3QGTxNmBM2z30FeC0wiYYEi7s\nI5xWkZIcnO1jq2CMGVHHfbLhyLnkWblwWvCOWriCRzbTocEWgEqwrh/uguTVRWB4\noVo8+uHcdiS2gqS0LIMbbvP6SGkfPwVlL8Mr/e96xdditiRbZX01GkAm0l5ezYHt\nxrs8378fmQK3su4dHrkHpFpTmT3Yib8Jtotat8cgu6lWxLGEFR5kOye4QIjFCl/a\nUhnR52nlMyYlh4anbqUs7PAh2QDVa3scaRfGTdAogPfaZIAhaaiuj8qXUOsAxEhk\nrf0TOXmgCDfhuaA08Ys43sgUgunPLOa2+jMT4VspLZxDTkWLDrGFjlM4P5643WrT\nITAKLoqq8SOhce6gd3VECvG+EK/fBWrdwzsVDzfxU3yW3kSCKxX25KcRePwJZAAu\ns1ZZpIZdY7rmi1DwafNSig2dncjUZJy6AhiI5w6cpQzBOQVioU8oac2JDi1X2Rn1\nk/D3VQfmYas7HGqUSwx3MUx+yybktm+8Ogo+vtcRKCzUF5t13bwpyAda0mJ62c6L\nI/ISWomRdC4XX3AQL5EJLzO9slpOBqWsbQb0cULdt+mb4H+nLDE=\n=NZ77\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1873"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013577"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "VULHUB",
"id": "VHN-376533"
},
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "PACKETSTORM",
"id": "162362"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1873",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "162360",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013577",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2021041363",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021042704",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1409.2",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1959",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "162362",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-376533",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-1873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376533"
},
{
"db": "VULMON",
"id": "CVE-2021-1873"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013577"
},
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1959"
},
{
"db": "NVD",
"id": "CVE-2021-1873"
}
]
},
"id": "VAR-202109-0332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-376533"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:54:58.400000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212326 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT212325"
},
{
"title": "Apple macOS Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=148636"
},
{
"title": "Apple: macOS Big Sur 11.3",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=c631c09ebe15d0799205eda727cdfeb3"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1873"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013577"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1959"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013577"
},
{
"db": "NVD",
"id": "CVE-2021-1873"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212325"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212326"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212327"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1873"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1409.2"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162360/apple-security-advisory-2021-04-26-3.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35171"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021042704"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1860"
},
{
"trust": 0.2,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1857"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1813"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1840"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1876"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1739"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1851"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1828"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1809"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1875"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1784"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1847"
},
{
"trust": 0.2,
"url": "https://support.apple.com/downloads/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1843"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27942"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1811"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1839"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3838"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1797"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1834"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1808"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1868"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht212325"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212326."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1810"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1740"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1878"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212327."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1806"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1805"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376533"
},
{
"db": "VULMON",
"id": "CVE-2021-1873"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013577"
},
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1959"
},
{
"db": "NVD",
"id": "CVE-2021-1873"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-376533"
},
{
"db": "VULMON",
"id": "CVE-2021-1873"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-013577"
},
{
"db": "PACKETSTORM",
"id": "162360"
},
{
"db": "PACKETSTORM",
"id": "162362"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-1959"
},
{
"db": "NVD",
"id": "CVE-2021-1873"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-376533"
},
{
"date": "2022-09-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-013577"
},
{
"date": "2021-04-28T14:58:36",
"db": "PACKETSTORM",
"id": "162360"
},
{
"date": "2021-04-28T15:00:23",
"db": "PACKETSTORM",
"id": "162362"
},
{
"date": "2021-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2021-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-1959"
},
{
"date": "2021-09-08T15:15:12.063000",
"db": "NVD",
"id": "CVE-2021-1873"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-376533"
},
{
"date": "2022-09-16T05:02:00",
"db": "JVNDB",
"id": "JVNDB-2021-013577"
},
{
"date": "2021-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-975"
},
{
"date": "2022-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-1959"
},
{
"date": "2022-07-12T17:42:04.277000",
"db": "NVD",
"id": "CVE-2021-1873"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-1959"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "macOS\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-013577"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-975"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.