SB2021020201 - Multiple vulnerabilities in Apple macOS 




Published: February 2, 2021 Updated: October 4, 2021

Security Bulletin ID: SB2021020201
Severity: High
Patch available: YES
Number of vulnerabilities: 66
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Critical: 5%, High: 33%, Medium: 32%, Low: 30%

Description

This security bulletin contains information about 66 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2021-1761)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Analytics component in macOS. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


2) Heap-based buffer overflow (CVE-ID: CVE-2020-29614)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the Model I/O component in macOS. A remote attacker can pass a specially crafted file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Input validation error (CVE-ID: CVE-2021-1793)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.


4) Out-of-bounds write (CVE-ID: CVE-2021-1737)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.


5) Out-of-bounds write (CVE-ID: CVE-2021-1738)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.


6) Out-of-bounds write (CVE-ID: CVE-2021-1744)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-1779)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a logic error in kext loading in IOKit. A local application can execute arbitrary code with elevated privileges.


8) Out-of-bounds read (CVE-ID: CVE-2021-1757)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the IOSkywalkFamily component in macOS. A local user can run a specially crafted program to trigger out-of-bounds read error and escalate privileges on the system.


9) Use-after-free (CVE-ID: CVE-2021-1764)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the kernel subsystem. A remote attacker can trick the victim into opening a specially crafted file and crash the system.



10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-1750)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a logic error within the kernel subsystem. A local application can execute arbitrary code with kernel privileges.


11) Improper Authentication (CVE-ID: CVE-2020-29633)

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests in the Login Window component in macOS. A remote attacker on the local network can bypass the authentication process and gain unauthorized access to the application.


12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-1771)

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to incorrect access restrictions within the Messages component in macOS. A remote user that is removed from an iMessage group could rejoin the group.


13) Out-of-bounds write (CVE-ID: CVE-2021-1762)

The vulnerability allows a local attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the Model I/O component in macOS. An attacker can use a specially crafted USD file to crash the system or execute arbitrary code.


14) Buffer overflow (CVE-ID: CVE-2021-1763)

when processing untrusted input within the Model I/O component in macOS. An attacker can use a specially crafted USD file to crash the system or execute arbitrary code.

15) Input validation error (CVE-ID: CVE-2021-1774)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.


16) Heap-based buffer overflow (CVE-ID: CVE-2021-1767)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the Model I/O component in macOS. A remote attacker can pass a specially crafted file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


17) Out-of-bounds read (CVE-ID: CVE-2021-1745)

The vulnerability allows a local user to crash the system.

The vulnerability exists due to a boundary condition when processing USB files in the Model I/O component in macOS. A local user can insert a specially crafted USB drive, trigger out-of-bounds read error and crash the system.


18) Out-of-bounds read (CVE-ID: CVE-2021-1753)

The vulnerability allows a local user to crash the system.

The vulnerability exists due to a boundary condition when processing USB files in the Model I/O component in macOS. A local user can insert a specially crafted USB drive, trigger out-of-bounds read error and crash the system.


19) Out-of-bounds read (CVE-ID: CVE-2021-1768)

The vulnerability allows a local user to crash the system.

The vulnerability exists due to a boundary condition when processing USB files in the Model I/O component in macOS. A local user can insert a specially crafted USB drive, trigger out-of-bounds read error and crash the system.


20) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-1751)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists because the application does not properly impose security restrictions within the NetFSFramework component in macOS. A remote attacker can trick the victim into mounting a malicious Samba network share and execute arbitrary code on the system.


21) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-27938)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists because the application does not properly impose security restrictions within the Power Management component in macOS. A local application can elevate privileges on the system.



22) Improper Authentication (CVE-ID: CVE-2021-1769)

The vulnerability allows a local user to bypass the authentication process.

The vulnerability exists due to an error when processing authentication requests within the Swift component in macOS. A local user with arbitrary read and write capability may be able to bypass Pointer Authentication.


23) Use-after-free (CVE-ID: CVE-2021-1788)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


24) Security restrictions bypass (CVE-ID: CVE-2021-1765)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the application does not properly impose the sandboxing policy in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it and bypass implemented security restrictions.


25) Security restrictions bypass (CVE-ID: CVE-2021-1801)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the application does not properly impose the sandboxing policy in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it and bypass implemented security restrictions.


26) Type Confusion (CVE-ID: CVE-2021-1789)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim into opening a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


27) Information disclosure (CVE-ID: CVE-2021-1799)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a port redirection issue in WebRTC. A remote attacker can gain unauthorized access to sensitive information, such as open ports in the local network.


28) Input validation error (CVE-ID: CVE-2021-1777)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.


29) Input validation error (CVE-ID: CVE-2021-1754)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.


30) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-1797)

The vulnerability allows a local user to read arbitrary files on the system.

The vulnerability exists because the application does not properly impose security restrictions within the APFS component in macOS. A local user can read arbitrary files on the system.


31) Out-of-bounds read (CVE-ID: CVE-2021-1790)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing font files within the FontParser component in macOS. A remote attacker can create a specially crafted document or a web page, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


32) Integer overflow (CVE-ID: CVE-2020-27945)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the CFNetwork Cache component in macOS. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


33) Buffer overflow (CVE-ID: CVE-2021-1760)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the CoreAnimation component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


34) Out-of-bounds write (CVE-ID: CVE-2021-1747)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the CoreAudio component in macOS. A remote attacker can trick the victim into visiting a specially crafted website, trigger out-of-bounds write and execute arbitrary code on the target system.


35) Out-of-bounds write (CVE-ID: CVE-2021-1776)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing fonts within the CoreGraphics component in macOS. A remote attacker can create a specially crafted website or document, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.


36) Out-of-bounds read (CVE-ID: CVE-2021-1759)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the CoreMedia component in macOS. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


37) Stack-based buffer overflow (CVE-ID: CVE-2021-1772)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the CoreText component in macOS when parsing TTF fonts. A remote attacker can create a specially crafted text file, trick the victim into opening it, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


38) Out-of-bounds read (CVE-ID: CVE-2021-1792)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the CoreText component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


39) Input validation error (CVE-ID: CVE-2021-1787)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Crash Reporter component in macOS. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.


40) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-1786)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the application does not properly impose security restrictions within the Crash Reporter component in macOS. A local user can create or modify system files and escalate privileges on the system.


41) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-27937)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists because the Directory Utility does not properly impose security restrictions. A local application can access potentially sensitive information.


42) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-1802)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a logical issue within the Endpoint Security component in macOS. A local user can escalate privileges on the system.


43) Out-of-bounds read (CVE-ID: CVE-2021-1791)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the FairPlay component in macOS. A local application can trigger out-of-bounds read error and read contents of kernel memory.


44) Input validation error (CVE-ID: CVE-2021-1775)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing font files within the FontParser component in macOS. A remote attacker can trick the victim into opening a specially crafted document or a web page and execute arbitrary code on the system.


45) Input validation error (CVE-ID: CVE-2021-1746)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.


46) Out-of-bounds read (CVE-ID: CVE-2020-29608)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing font files within the FontParser component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


47) Out-of-bounds read (CVE-ID: CVE-2021-1758)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing font files within the FontParser component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


48) Buffer overflow (CVE-ID: CVE-2021-1783)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


49) Out-of-bounds read (CVE-ID: CVE-2021-1741)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


50) Out-of-bounds read (CVE-ID: CVE-2021-1743)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


51) Input validation error (CVE-ID: CVE-2021-1773)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.


52) Out-of-bounds read (CVE-ID: CVE-2021-1778)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when processing image files within the curl implementation in the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the system.


53) Out-of-bounds read (CVE-ID: CVE-2021-1736)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


54) Out-of-bounds read (CVE-ID: CVE-2021-1785)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.


55) Input validation error (CVE-ID: CVE-2021-1766)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


56) Buffer overflow (CVE-ID: CVE-2021-1818)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


57) Input validation error (CVE-ID: CVE-2021-1742)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.


58) Buffer overflow (CVE-ID: CVE-2020-27904)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the OS kernel subsystem. A local application can execute arbitrary code with kernel privileges.


59) Race condition (CVE-ID: CVE-2021-1782)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a race condition in the Kernel component. A remote attacker can use a malicious application and escalate privileges on the system.

Note: The vulnerability is being actively exploited in the wild.


60) Reachable Assertion (CVE-ID: CVE-2020-25709)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion in the certificateListValidate() function in schema_init.c. A remote attacker can send a specially crafted packet to the slapd daemon, trigger an assertion failure and crash the service.


61) Out-of-bounds read (CVE-ID: CVE-2019-20838)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.


62) Integer overflow (CVE-ID: CVE-2020-14155)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow. A remote attacker can pass a large number after a (?C substring, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


63) Out-of-bounds write (CVE-ID: CVE-2020-15358)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.


64) Business Logic Errors (CVE-ID: CVE-2021-1871)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim into visiting a malicious website and execute arbitrary code on the system.

Note: The vulnerability is being actively exploited in the wild.


65) Business Logic Errors (CVE-ID: CVE-2021-1870)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim into visiting a malicious website and execute arbitrary code on the system.

Note: The vulnerability is being actively exploited in the wild.


66) Information disclosure (CVE-ID: CVE-2021-1781)

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a privacy issue in the handling of Contact cards. A local application can gain unauthorized access to sensitive private data.


Remediation

Install update from vendor's website.