Multiple vulnerabilities in Apple macOS Big Sur
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 83 |
| CVE-ID | CVE-2020-36225 CVE-2020-36229 CVE-2020-36230 CVE-2020-36222 CVE-2020-36228 CVE-2020-36221 CVE-2020-36224 CVE-2020-36223 CVE-2020-36227 CVE-2020-36226 CVE-2021-23841 CVE-2021-30713 CVE-2021-30727 CVE-2021-30686 CVE-2021-30681 CVE-2021-30685 CVE-2021-30707 CVE-2021-30669 CVE-2021-30688 CVE-2021-30676 CVE-2021-30678 CVE-2021-30701 CVE-2021-30705 CVE-2021-30700 CVE-2021-30687 CVE-2021-30683 CVE-2021-30710 CVE-2021-30697 CVE-2021-30735 CVE-2021-30684 CVE-2021-30673 CVE-2021-30724 CVE-2021-30726 CVE-2021-30728 CVE-2021-30719 CVE-2021-30679 CVE-2021-30693 CVE-2021-30725 CVE-2021-30709 CVE-2021-30708 CVE-2021-30695 CVE-2021-30746 CVE-2021-30694 CVE-2021-30692 CVE-2021-30691 CVE-2021-30723 CVE-2021-30696 CVE-2021-30702 CVE-2021-30677 CVE-2021-30680 CVE-2021-30739 CVE-2021-30736 CVE-2021-30715 CVE-2021-30704 CVE-2021-30740 CVE-2021-30671 CVE-2021-30718 CVE-2021-30668 CVE-2021-30722 CVE-2021-30721 CVE-2021-30712 CVE-2021-30717 CVE-2021-30716 CVE-2021-30737 CVE-2021-30738 CVE-2021-30698 CVE-2021-30720 CVE-2021-30734 CVE-2021-30749 CVE-2021-30689 CVE-2021-30682 CVE-2021-21779 CVE-2021-30744 CVE-2021-30751 CVE-2021-30771 CVE-2021-30755 CVE-2021-30753 CVE-2021-30756 CVE-2021-30672 CVE-2021-30703 CVE-2021-30706 CVE-2021-30731 CVE-2021-30733 |
| CWE-ID | CWE-415 CWE-843 CWE-617 CWE-191 CWE-763 CWE-835 CWE-399 CWE-476 CWE-20 CWE-264 CWE-121 CWE-61 CWE-125 CWE-119 CWE-254 CWE-552 CWE-416 CWE-200 CWE-787 CWE-300 CWE-284 CWE-62 CWE-79 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #12 is being exploited in the wild. Public exploit code for vulnerability #59 is available. Public exploit code for vulnerability #60 is available. Public exploit code for vulnerability #61 is available. Public exploit code for vulnerability #62 is available. Public exploit code for vulnerability #63 is available. Public exploit code for vulnerability #71 is available. Public exploit code for vulnerability #72 is available. Public exploit code for vulnerability #82 is available. |
| Vulnerable software Subscribe |
macOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 83 vulnerabilities.
Updated: 24.05.2021
Added vulnerabilities #13-73, raised bulletin risk level to High.
Updated: 25.05.2021
Added additional information for vulnerability #12.
Updated: 16.02.2022
Added vulnerabilities #74-83.
1) Double Free
EUVDB-ID: #VU50392
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36225
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the saslAuthzTo processing. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Type Confusion
EUVDB-ID: #VU50396
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36229
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in ldap_X509dn2bv when parsing X.509 DN in ad_keystring. A remote attacker can send a specially crafted request to slapd and crash it.
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Reachable Assertion
EUVDB-ID: #VU50397
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36230
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when parsing the X.509 DN within the ber_next_element() function in decode.c. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Reachable Assertion
EUVDB-ID: #VU50390
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36222
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in slapd in the saslAuthzTo validation. A remote attacker can send a specially crafted request and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer underflow
EUVDB-ID: #VU50395
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36228
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow when processing the certificate list exact assertion. A remote attacker can send a specially crafted request to the slapd, trigger integer underflow and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Integer underflow
EUVDB-ID: #VU50389
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36221
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow within the serialNumberAndIssuerCheck() function in schema_init.c. A remote attacker can send a specially crafted request to the affected application, trigger an integer underflow and crash the slapd.
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Release of invalid pointer or reference
EUVDB-ID: #VU50398
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36224
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to release of an invalid pointer when processing saslAuthzTo requests. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Double Free
EUVDB-ID: #VU50391
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36223
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error during the Values Return Filter control handling. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Infinite loop
EUVDB-ID: #VU50394
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36227
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in slapd with the cancel_extop Cancel operation. A remote attacker can send a specially crafted request and perform a denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource management error
EUVDB-ID: #VU50393
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36226
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application leading to a memch->bv_len miscalculation during saslAuthzTo processing. A remote attacker can send specially crafted request to the slapd and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU50740
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23841
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the X509_issuer_and_serial_hash() function when parsing the issuer field in the X509 certificate. A remote attacker can supply a specially crafted certificate, trigger a NULL pointer dereference error and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU53442
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-30713
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass Privacy preferences.
The vulnerability exists due to insufficient validation of user-supplied input within the TCC subsystem. A malicious application can bypass Privacy preferences and gain full disk access, perform screen recording or gain other permissions without requiring user's explicit consent.
Note, the vulnerability is being actively exploited in the wild by XCSSET malware.
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
13) Security restrictions bypass
EUVDB-ID: #VU53451
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30727
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to application does not properly impose security restrictions in Crash reported component. A local application can modify protected parts of the file system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Stack-based buffer overflow
EUVDB-ID: #VU53450
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30686
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition within the
USACBitstreamReader function in AudioCodecs. A remote attacker can
create a specially crafted LOAS file, trick the victim into opening it,
trigger a stack-based buffer overflow and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-756/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) UNIX symbolic link following
EUVDB-ID: #VU53449
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30681
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue within the Core Services subsystem. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU53448
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30685
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the AudioToolboxCore framework in Audio subsystem. A remote attacker can create a specially crafted AAC file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-757/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Buffer overflow
EUVDB-ID: #VU53447
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30707
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Audio subsystem. A remote attacker can create a specially crafted audio file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-765/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Security features bypass
EUVDB-ID: #VU53446
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30669
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a logic error in AppleScript. A local application can bypass Gatekeeper checks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Files or Directories Accessible to External Parties
EUVDB-ID: #VU53445
Risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30688
CWE-ID:
CWE-552 - Files or Directories Accessible to External Parties
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to bypass implemented security restrictions.
The vulnerability exists due to improper file path validation within the App Store component. A malicious application can break out of its sandbox.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Security restrictions bypass
EUVDB-ID: #VU53444
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30676
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the system or read kernel memory.
The vulnerability exists due to application does not properly impose security restrictions within the AMD subsystem. A local user can trigger the system crash or read kernel memory.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Security restrictions bypass
EUVDB-ID: #VU53443
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30678
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to application does not properly impose security restrictions within the AMD subsystem. A remote attacker can crash the system or execute arbitrary code.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Buffer overflow
EUVDB-ID: #VU53462
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30701
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing image files in ImageIO. A remote attacker can create a specially crafted PICT image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-785/
http://www.zerodayinitiative.com/advisories/ZDI-21-792/
http://www.zerodayinitiative.com/advisories/ZDI-21-793/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds read
EUVDB-ID: #VU53461
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30705
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted ASTC file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Out-of-bounds read
EUVDB-ID: #VU53460
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30700
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU53459
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30687
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use-after-free
EUVDB-ID: #VU53458
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30683
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Heimdal. A malicious application can trigger use-after-free error and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Buffer overflow
EUVDB-ID: #VU53457
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30710
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to disclose sensitive information.
The vulnerability exists due to a boundary error in Heimdal. A malicious application can trigger memory corruption and cause a denial of service or potentially disclose memory contents.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Information disclosure
EUVDB-ID: #VU53456
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30697
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Heimdal. A local user can gain unauthorized access to sensitive user information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Out-of-bounds write
EUVDB-ID: #VU53455
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30735
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Graphics Drivers. A local user can trigger memory corruption and execute arbitrary code with kernel privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-769/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Buffer overflow
EUVDB-ID: #VU53454
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30684
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Graphics Drivers. A remote attacker can execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Security restrictoins bypass
EUVDB-ID: #VU53453
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30673
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to application does not properly impose security restrictions in Dock component. A local application can bypass security restrictions and access user's call history.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Security restrictoins bypass
EUVDB-ID: #VU53452
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30724
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in CVMS. A local user can bypass security restrictions and escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-794/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds write
EUVDB-ID: #VU53465
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30726
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Intel Graphics Driver. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code on the target system with kernel privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Out-of-bounds write
EUVDB-ID: #VU53464
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30728
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Intel Graphics Driver. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code on the target system with kernel privileges.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds read
EUVDB-ID: #VU53463
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30719
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Intel Graphics Driver. A local user can run a specially crafted program to trigger an out-of-bounds read error and read contents of kernel memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-770/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Security restrictions bypass
EUVDB-ID: #VU53485
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30679
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists in the NSOpenPanel due to application does not properly impose security restrictions. A local application can escalate privileges on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Out-of-bounds write
EUVDB-ID: #VU53484
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30693
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Model I/O. A remote attacker can create a specially crafted image file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-763/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds write
EUVDB-ID: #VU53483
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30725
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Model I/O. A remote attacker can create a specially crafted USD file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-795/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Out-of-bounds read
EUVDB-ID: #VU53482
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30709
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-766/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds read
EUVDB-ID: #VU53481
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30708
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-767/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU53480
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30695
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-764/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU53479
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30746
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-791/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds read
EUVDB-ID: #VU53478
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30694
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-762/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Out-of-bounds read
EUVDB-ID: #VU53477
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30692
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-760/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Out-of-bounds read
EUVDB-ID: #VU53476
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30691
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-759/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Out-of-bounds read
EUVDB-ID: #VU53475
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30723
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-796/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Man-in-the-Middle (MitM) attack
EUVDB-ID: #VU53474
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30696
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
the vulnerability exists die to a logic issue in the Mail component. A remote attacker on the local network can perform MitM attack.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Security features bypass
EUVDB-ID: #VU53473
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30702
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass Login Window.
The vulnerability exists due to a logical issue in the Login Window. A local attacker with physical access to the system can bypass the Login Windows protection screen and gain unauthorized access to the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Security features bypass
EUVDB-ID: #VU53472
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30677
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a logic issue in LaunchServices. A local application can break out of its sandbox.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Security features bypass
EUVDB-ID: #VU53471
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30680
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists in the Kext Management subsystem. A local user can load unsigned kernel extensions.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Buffer overflow
EUVDB-ID: #VU53470
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30739
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in OS kernel subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Buffer overflow
EUVDB-ID: #VU53469
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30736
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in OS kernel subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Input validation error
EUVDB-ID: #VU53468
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30715
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in OS Kernel subsystem. A remote attacker can send a specially crafted message to he system and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Security restrictions bypass
EUVDB-ID: #VU53467
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30704
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management in OS Kernel subsystem. A local user can execute arbitrary code on the system with kernel privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Security restrictions bypass
EUVDB-ID: #VU53466
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30740
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management in OS Kernel subsystem. A local user can execute arbitrary code on the system with kernel privileges.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU53495
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30671
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper permissions management in TCC. A local application can send unauthorized Apple events to Finder.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Improper access control
EUVDB-ID: #VU53494
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30718
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Software Update component. A local user can modify restricted settings.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Security features bypass
EUVDB-ID: #VU53493
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30668
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass the Login Window.
The vulnerability exists in the Software Update component. An attacker with physical access to the system can bypass the Login Windows during software update and gain unauthorized access to the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Information disclosure
EUVDB-ID: #VU53492
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-30722
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in smbx. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1268
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
60) Input validation error
EUVDB-ID: #VU53491
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-30721
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input when processing paths in smbx. A remote attacker on the local network can pass specially crafted input to the application and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1269
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
61) Buffer overflow
EUVDB-ID: #VU53490
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-30712
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in smbx. A remote attacker on the local network can send specially crafted data to the application, trigger memory corruption and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1258
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
62) Buffer overflow
EUVDB-ID: #VU53489
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-30717
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in smbx. A remote attacker on the local network can send specially crafted data to the application, trigger memory corruption and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1260
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
63) Input validation error
EUVDB-ID: #VU53488
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-30716
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in smbx. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1263
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
64) Buffer overflow
EUVDB-ID: #VU53487
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30737
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the ASN.1 decoder when processing TLS certificates. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption with a specially crafted TLS certificate and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) UNIX Hard Link
EUVDB-ID: #VU53486
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30738
CWE-ID:
CWE-62 - UNIX Hard Link
Exploit availability: No
DescriptionThe vulnerability allows a local application to overwrite arbitrary files.
The vulnerability exists due to path validation logic for hardlinks in PackageKit. A local application can overwrite arbitrary files on the system.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) NULL pointer dereference
EUVDB-ID: #VU53503
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30698
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in webRTC. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Security features bypass
EUVDB-ID: #VU53502
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30720
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists in WebKit due to the way the component handles links to internal resources. A remote attacker can create a specially crafted web page and trick the application to connect to arbitrary internal addresses.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Buffer overflow
EUVDB-ID: #VU53501
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30734
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web oage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-790/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Buffer overflow
EUVDB-ID: #VU53500
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30749
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within the KeyframeEffect class in WebKit. A remote attacker can create a specially crafted web oage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-21-761/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Universal cross-site scripting
EUVDB-ID: #VU53499
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30689
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Information disclosure
EUVDB-ID: #VU53498
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-30682
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in webKit. A remote attacker can gain unauthorized access to sensitive user information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
72) Use-after-free
EUVDB-ID: #VU53497
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-21779
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1238
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
73) Universal cross-site scripting
EUVDB-ID: #VU53496
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30744
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Security features bypass
EUVDB-ID: #VU60667
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30751
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to bypass implemented security restrictions.
The vulnerability exists in the Sandbox feature. A malicious application can bypass certain Privacy preferences and gain access to sensitive information.
Install updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.6.3 20G415
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Out-of-bounds write
EUVDB-ID: #VU60664
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30771
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in FontParser component. A remote attacker can create a specially crafted document with an embedded malicious TTF font file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
http://www.zerodayinitiative.com/advisories/ZDI-22-377/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Out-of-bounds read
EUVDB-ID: #VU60665
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30755
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the FontParser component. A remote attacker can create a specially crafted document with an embedded malicious font file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Out-of-bounds read
EUVDB-ID: #VU60663
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30753
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreText subsystem when processing fonts. A remote attacker can create a specially crafted document with an embedded malicious font file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU60666
Risk: Low
CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30756
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a attacker to escalate privileges on the system.
The vulnerability exists due to improper permission check in the in Now Playing feature within the MediaRemote subsystem. An attacker with physical access to the system can observe Now Playing information from the lock screen.
MitigationInstall updates from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Buffer overflow
EUVDB-ID: #VU55227
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30672
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privilege son the system.
The vulnerability exists due to a boundary error within Bluetooth implementation. A local application can trigger memory corruption and execute arbitrary code on the target system with root privileges.
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Double Free
EUVDB-ID: #VU55230
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30703
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel subsystem. A local user can trigger a double free error and execute arbitrary code with kernel privileges.
Install update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Out-of-bounds read
EUVDB-ID: #VU55254
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30706
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ImageIO framework. A remote attacker can create a specially crafted WEBP file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU55229
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30731
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions within the IOUSBHostFamily. A local unprivileged application can capture USB devices.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Out-of-bounds read
EUVDB-ID: #VU55228
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30733
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within CoreText. A remote attacker can create a specially crafted font file, trick the victim into opening it, trigger out-of-bounds read error and read contents of process memory.
MitigationInstall update from vendor's website.
Vulnerable software versionsmacOS: 11.0 20A2411 - 11.3.1 20E241
External linkshttp://support.apple.com/en-us/HT212529
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
