SB2021052502 - Multiple vulnerabilities in Apple macOS Catalina
Published: May 25, 2021 Updated: February 13, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 58 secuirty vulnerabilities.
1) Security restrictions bypass (CVE-ID: CVE-2021-30676)
The vulnerability allows a local user to crash the system or read kernel memory.
The vulnerability exists due to application does not properly impose security restrictions within the AMD subsystem. A local user can trigger the system crash or read kernel memory.
2) Double Free (CVE-ID: CVE-2020-36223)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error during the Values Return Filter control handling. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack.
3) Out-of-bounds read (CVE-ID: CVE-2021-30695)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
4) Out-of-bounds read (CVE-ID: CVE-2021-30708)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
5) Out-of-bounds read (CVE-ID: CVE-2021-30709)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
6) Out-of-bounds write (CVE-ID: CVE-2021-30725)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Model I/O. A remote attacker can create a specially crafted USD file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
7) Security restrictions bypass (CVE-ID: CVE-2021-30679)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists in the NSOpenPanel due to application does not properly impose security restrictions. A local application can escalate privileges on the system.
8) Resource management error (CVE-ID: CVE-2020-36226)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application leading to a memch->bv_len miscalculation during saslAuthzTo processing. A remote attacker can send specially crafted request to the slapd and perform a denial of service (DoS) attack.
9) Type Confusion (CVE-ID: CVE-2020-36229)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error in ldap_X509dn2bv when parsing X.509 DN in ad_keystring. A remote attacker can send a specially crafted request to slapd and crash it.
10) Double Free (CVE-ID: CVE-2020-36225)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the saslAuthzTo processing. A remote attacker can send a specially crafted request to the slapd, trigger a double free error and perform a denial of service (DoS) attack
11) Release of invalid pointer or reference (CVE-ID: CVE-2020-36224)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to release of an invalid pointer when processing saslAuthzTo requests. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
12) Infinite loop (CVE-ID: CVE-2020-36227)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in slapd with the cancel_extop Cancel operation. A remote attacker can send a specially crafted request and perform a denial of service conditions.
13) Out-of-bounds read (CVE-ID: CVE-2021-30746)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
14) Integer underflow (CVE-ID: CVE-2020-36228)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow when processing the certificate list exact assertion. A remote attacker can send a specially crafted request to the slapd, trigger integer underflow and perform a denial of service (DoS) attack.
15) Integer underflow (CVE-ID: CVE-2020-36221)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow within the serialNumberAndIssuerCheck() function in schema_init.c. A remote attacker can send a specially crafted request to the affected application, trigger an integer underflow and crash the slapd.
16) Reachable Assertion (CVE-ID: CVE-2020-36222)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in slapd in the saslAuthzTo validation. A remote attacker can send a specially crafted request and perform a denial of service (DoS) attack.
17) Reachable Assertion (CVE-ID: CVE-2020-36230)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when parsing the X.509 DN within the ber_next_element() function in decode.c. A remote attacker can send a specially crafted request to slapd and perform a denial of service (DoS) attack.
18) Input validation error (CVE-ID: CVE-2021-30716)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in smbx. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.
19) Buffer overflow (CVE-ID: CVE-2021-30717)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in smbx. A remote attacker on the local network can send specially crafted data to the application, trigger memory corruption and execute arbitrary code on the system.
20) Buffer overflow (CVE-ID: CVE-2021-30712)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in smbx. A remote attacker on the local network can send specially crafted data to the application, trigger memory corruption and execute arbitrary code on the system.
21) Input validation error (CVE-ID: CVE-2021-30721)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input when processing paths in smbx. A remote attacker on the local network can pass specially crafted input to the application and gain access to sensitive information.
22) Information disclosure (CVE-ID: CVE-2021-30722)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in smbx. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
23) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-30671)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to improper permissions management in TCC. A local application can send unauthorized Apple events to Finder.
24) Out-of-bounds write (CVE-ID: CVE-2021-30693)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Model I/O. A remote attacker can create a specially crafted image file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
25) Out-of-bounds read (CVE-ID: CVE-2021-30692)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
26) Security restrictions bypass (CVE-ID: CVE-2021-30678)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to application does not properly impose security restrictions within the AMD subsystem. A remote attacker can crash the system or execute arbitrary code.
27) Information disclosure (CVE-ID: CVE-2021-30697)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Heimdal. A local user can gain unauthorized access to sensitive user information.
28) Security features bypass (CVE-ID: CVE-2021-30669)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a logic error in AppleScript. A local application can bypass Gatekeeper checks.
29) Out-of-bounds read (CVE-ID: CVE-2021-30685)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the AudioToolboxCore framework in Audio subsystem. A remote attacker can create a specially crafted AAC file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
30) UNIX symbolic link following (CVE-ID: CVE-2021-30681)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue within the Core Services subsystem. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
31) Security restrictoins bypass (CVE-ID: CVE-2021-30724)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in CVMS. A local user can bypass security restrictions and escalate privileges on the system.
32) Security restrictoins bypass (CVE-ID: CVE-2021-30673)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to application does not properly impose security restrictions in Dock component. A local application can bypass security restrictions and access user's call history.
33) Buffer overflow (CVE-ID: CVE-2021-30684)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Graphics Drivers. A remote attacker can execute arbitrary code on the system.
34) Buffer overflow (CVE-ID: CVE-2021-30710)
The vulnerability allows a malicious application to disclose sensitive information.
The vulnerability exists due to a boundary error in Heimdal. A malicious application can trigger memory corruption and cause a denial of service or potentially disclose memory contents.
35) Race condition (CVE-ID: CVE-2021-1884)
The vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to a race condition in Heimdal. A remote attacker can crash the application.
36) Heap-based buffer overflow (CVE-ID: CVE-2021-1883)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Heimdal when processing server messages. A remote attacker can trick the user to connect to a malicious server, send a specially crafted message, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
37) Use-after-free (CVE-ID: CVE-2021-30683)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Heimdal. A malicious application can trigger use-after-free error and execute arbitrary code with elevated privileges.
38) Out-of-bounds read (CVE-ID: CVE-2021-30694)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
39) Out-of-bounds read (CVE-ID: CVE-2021-30687)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
40) Buffer overflow (CVE-ID: CVE-2021-30701)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing image files in ImageIO. A remote attacker can create a specially crafted PICT image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
41) Out-of-bounds read (CVE-ID: CVE-2021-30705)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted ASTC file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
42) Out-of-bounds write (CVE-ID: CVE-2021-30728)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Intel Graphics Driver. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code on the target system with kernel privileges.
43) Security restrictions bypass (CVE-ID: CVE-2021-30704)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management in OS Kernel subsystem. A local user can execute arbitrary code on the system with kernel privileges.
44) Input validation error (CVE-ID: CVE-2021-30715)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in OS Kernel subsystem. A remote attacker can send a specially crafted message to he system and perform a denial of service (DoS) attack.
45) Security features bypass (CVE-ID: CVE-2021-30702)
The vulnerability allows a local attacker to bypass Login Window.
The vulnerability exists due to a logical issue in the Login Window. A local attacker with physical access to the system can bypass the Login Windows protection screen and gain unauthorized access to the system.
46) Out-of-bounds read (CVE-ID: CVE-2021-30723)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
47) Out-of-bounds read (CVE-ID: CVE-2021-30691)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
48) Out-of-bounds write (CVE-ID: CVE-2021-30743)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in ImageIO. A remote attacker can create a specially crafted PICT file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
49) Stack-based buffer overflow (CVE-ID: CVE-2021-30686)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition within the
USACBitstreamReader function in AudioCodecs. A remote attacker can
create a specially crafted LOAS file, trick the victim into opening it,
trigger a stack-based buffer overflow and execute arbitrary code on the system.
50) Files or Directories Accessible to External Parties (CVE-ID: CVE-2021-30688)
The vulnerability allows a malicious application to bypass implemented security restrictions.
The vulnerability exists due to improper file path validation within the App Store component. A malicious application can break out of its sandbox.
51) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2021-30696)
The vulnerability allows a remote attacker to perform MitM attack.
the vulnerability exists die to a logic issue in the Mail component. A remote attacker on the local network can perform MitM attack.
52) Out-of-bounds read (CVE-ID: CVE-2021-30719)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Intel Graphics Driver. A local user can run a specially crafted program to trigger an out-of-bounds read error and read contents of kernel memory on the system.
53) Out-of-bounds write (CVE-ID: CVE-2021-30726)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Intel Graphics Driver. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code on the target system with kernel privileges.
54) Out-of-bounds write (CVE-ID: CVE-2021-30735)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Graphics Drivers. A local user can trigger memory corruption and execute arbitrary code with kernel privileges.
55) Buffer overflow (CVE-ID: CVE-2021-30737)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the ASN.1 decoder when processing TLS certificates. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption with a specially crafted TLS certificate and execute arbitrary code on the system.
56) Buffer overflow (CVE-ID: CVE-2021-30739)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in OS kernel subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
57) Out-of-bounds read (CVE-ID: CVE-2020-29629)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the FontParser. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
58) Out-of-bounds read (CVE-ID: CVE-2021-30819)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing USD images within the Model I/O subsystem. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
Remediation
Install update from vendor's website.