Apple Security Advisory 2021-07-21-2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-07-21-2 macOS Big Sur 11.5

macOS Big Sur 11.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212602.

AMD Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30805: ABC Research s.r.o

AppKit
Available for: macOS Big Sur
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day
Initiative

Audio
Available for: macOS Big Sur
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30781: tr3e

AVEVideoEncoder
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30748: George Nosenko

CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab

CoreAudio
Available for: macOS Big Sur
Impact: Playing a malicious audio file may lead to an unexpected
application termination
Description: A logic issue was addressed with improved validation.
CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab

CoreGraphics
Available for: macOS Big Sur
Impact: Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A race condition was addressed with improved state
handling.
CVE-2021-30786: ryuzaki

CoreServices
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: This issue was addressed with improved checks.
CVE-2021-30772: Zhongcheng Li (CK01)

CoreServices
Available for: macOS Big Sur
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30783: Ron Waisberg (@epsilan)

CoreStorage
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: An injection issue was addressed with improved
validation.
CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video
Communications and Gary Nield of ECSC Group plc

CoreText
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of
Knownsec 404 team

Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30774: Yizhuo Wang of Group of Software Security In
Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University

CVMS
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video
Communications

dyld
Available for: macOS Big Sur
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved validation.
CVE-2021-30768: Linus Henze (pinauten.de)

FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30760: Sunglin of Knownsec 404 team

FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted tiff file may lead to a
denial-of-service or potentially disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative

FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day
Initiative

Identity Services
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user’s recent
Contacts
Description: A permissions issue was addressed with improved
validation.
CVE-2021-30803: Csaba Fitzl (@theevilbit) of Offensive Security

ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security

ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of
Trend Micro

Intel Graphics Driver
Available for: macOS Big Sur
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: This issue was addressed with improved checks.
CVE-2021-30787: Anonymous working with Trend Micro Zero Day
Initiative

Intel Graphics Driver
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30766: Liu Long of Ant Security Light-Year Lab
CVE-2021-30765: Liu Long of Ant Security Light-Year Lab

IOKit
Available for: macOS Big Sur
Impact: A local attacker may be able to execute code on the Apple T2
Security Chip
Description: Multiple issues were addressed with improved logic.
CVE-2021-30784: George Nosenko

Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab

Kext Management
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences
Description: This issue was addressed with improved entitlements.
CVE-2021-30778: Csaba Fitzl (@theevilbit) of Offensive Security

libxml2
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2021-3518

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved validation.
CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30792: Anonymous working with Trend Micro Zero Day
Initiative

Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30791: Anonymous working with Trend Micro Zero Day
Initiative

Sandbox
Available for: macOS Big Sur
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved checks.
CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security

TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: A logic issue was addressed with improved state
management.
CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro

WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30758: Christoph Guttandin of Media Codings

WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30795: Sergei Glazunov of Google Project Zero

WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to code
execution
Description: This issue was addressed with improved checks.
CVE-2021-30797: Ivan Fratric of Google Project Zero

WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30799: Sergei Glazunov of Google Project Zero

Additional recognition

configd
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

CoreText
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for
their assistance.

crontabs
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

Spotlight
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

Installation note:

This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8YACgkQZcsbuWJ6
jjAHog//cJsC4OL9lXnFSg2S4cf/eiIPNiUv4T2I5DvDFsmeUGF0hXsfKkOgNw+9
Mp4qW/3mzVDoB5nQpyjRie/zGNsmpEKLThakL7z9mJs+lYWhBJOJEZMlZqLD/7hZ
dtBG2K28Ffw7ATeivEVtIY8LbAbPbwQqDd0HpUgtnJH6SWKL+9n4ZnppR8jJWmwi
ltopPIMfzwzon0CejZU+SY2Kfpb5DnerNpthH6idTkgt8btqwoscKzmcvu0Ek8bh
aq/0Mv/RbyUw8WIEZuPFICX+4yPVb/WiVFRVTGOiP/97EibqLGrQceiczBPJTfe4
D2aafbG+eyVMujjVMDPs1/q3T1GEZHBmETj7Pqigar/ymSfJfwnwYdhpPyYbffY7
iwUxvH5HFDeiotlMELeqdx/2sIVtMrx8IEtnaofevOcY1BP2gmQR+G849B0Rixn1
phCMK38NMp+jrWpdgx4MwO23puMBDWyRZdWn+dygwG3cPnr9/hdTOKB1B1wgpuys
3R5DbmSkOVWmtq+bumEafkywH7bA04SX9R7+jNwtXfEE82ToMJmEvLR5/PmCiMDM
N22My4OWcjOjX8AT8wA732Vi6J2qytxMbkIupa794fy9Oea2WTPlFwcw1YKhP4NO
Mvs1tHLJb/hwxc1Nyi4ojPZNYKNn6Gs/E16VEQt+X33bX3vU18E=
=fuQ1
-----END PGP SIGNATURE-----