Apple Security Advisory 2021-07-21-4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-07-21-4 Security Update 2021-005 Mojave

Security Update 2021-005 Mojave addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212603.

AMD Kernel
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30805: ABC Research s.r.o

AppKit
Available for: macOS Mojave
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day
Initiative

Audio
Available for: macOS Mojave
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30781: tr3e

Bluetooth
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30672: say2 of ENKI

CoreStorage
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: An injection issue was addressed with improved
validation.
CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video
Communications and Gary Nield of ECSC Group plc

CoreText
Available for: macOS Mojave
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30733: Sunglin from the Knownsec 404

CVMS
Available for: macOS Mojave
Impact: A malicious application may be able to gain root privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video
Communications

FontParser
Available for: macOS Mojave
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30760: Sunglin of Knownsec 404 team

FontParser
Available for: macOS Mojave
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A stack overflow was addressed with improved input
validation.
CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day
Initiative

FontParser
Available for: macOS Mojave
Impact: Processing a maliciously crafted tiff file may lead to a
denial-of-service or potentially disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative

Intel Graphics Driver
Available for: macOS Mojave
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: This issue was addressed with improved checks.
CVE-2021-30787: Anonymous working with Trend Micro Zero Day
Initiative

Intel Graphics Driver
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30765: Liu Long of Ant Security Light-Year Lab
CVE-2021-30766: Liu Long of Ant Security Light-Year Lab

Kernel
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A double free issue was addressed with improved memory
management.
CVE-2021-30703: an anonymous researcher

Kernel
Available for: macOS Mojave
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab

LaunchServices
Available for: macOS Mojave
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)

LaunchServices
Available for: macOS Mojave
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with improved access
restrictions.
CVE-2021-30783: Ron Waisberg (@epsilan)

Model I/O
Available for: macOS Mojave
Impact: Processing a maliciously crafted image may lead to a denial
of service
Description: A logic issue was addressed with improved validation.
CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro

Sandbox
Available for: macOS Mojave
Impact: A malicious application may be able to access restricted
files
Description: This issue was addressed with improved checks.
CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security

WebKit
Available for: macOS Mojave
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30799: Sergei Glazunov of Google Project Zero

Additional recognition

configd
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

CoreServices
We would like to acknowledge Zhongcheng Li (CK01) for their
assistance.

CoreText
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for
their assistance.

crontabs
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

IOKit
We would like to acknowledge George Nosenko for their assistance.

Spotlight
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.

Installation note:

This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8gACgkQZcsbuWJ6
jjAFqw//aRrp4GJSvgT+hScSa6eEABeqAhFgN5tnuRq5i08PpnrHvHqzTHK/Mt14
XEC1ki6Vzhe68ngSqGwLllEv1UjMZ2BkCCNQWse5RmkPvjwXO815SjZyJuVWwVdf
t4zlfFaMKS/kzxugIMUD6auYUKGaqV3FJYvWYBStvbdv5veu1zuEH5d7MxeQ/A8X
32oM7I1anDUEC7yRjT4yV567ameQElIiv+plLgyQwvK4DcRCNPvpdq+7wLgnoeXU
WYFUOVsJkzFy1oOnVUmX/DQgoYW7jbZzN2+rnPRcYMl+VqpQDP0leefMOTY2OPlR
CAbJD7N67UZwC/e4PKIv6Q5q+ajqsnqo9MOmmB8kbVHn9aIU2Z52FxIv7fM58cA0
OQOYcngSHboz1q2JMjhBm+RJWy67B/1W6F/TOklbdMTlIlF/e3EkL/kpx0Svvpco
zCOv1KeS4NO/gxijkLxuZzMhFzj3Gl+hMBwwVARIR4TbvKX0oqiHetGL0ImnHVKy
P+AXZwvqSHdV9XOxz2BQoSaeMxTNfwp+TIIttbLPU8no8uUcJKgPx5fp/+nnWjrd
IPCBc0JG9f41nbx/WlVFIaBZ0idS6c5g9zxDyBI1xaxbF0LPG3ID3sx589Nj5+wL
/p8WfH/o9nv7psvQMO8PgzQ+orSZo5LOBAq1rFzwOKGPZaYNeKc=gcuI
-----END PGP SIGNATURE-----