About the security content of Security Update 2021-002 Catalina

This document describes the security content of Security Update 2021-002 Catalina.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss or confirm security issues until an investigation has taken place and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

Security Update 2021-002 Catalina

Released: 26 April 2021

APFS

Available for: macOS Catalina

Impact: a local user may be able to read arbitrary files

Description: the issue was addressed with improved permissions logic.

CVE-2021-1797: Thomas Tempelmann

Archive Utility

Available for: macOS Catalina

Impact: a malicious application may bypass Gatekeeper checks

Description: a logic issue was addressed with improved state management.

CVE-2021-1810: Rasmus Sten (@pajp) of F-Secure

Audio

Available for: macOS Catalina

Impact: an application may be able to read restricted memory

Description: a memory corruption issue was addressed with improved validation.

CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab

CFNetwork

Available for: macOS Catalina

Impact: processing maliciously crafted web content may disclose sensitive user information

Description: a memory initialisation issue was addressed with improved memory handling.

CVE-2021-1857: an anonymous researcher

CoreAudio

Available for: macOS Catalina

Impact: a malicious application may be able to read restricted memory

Description: a memory corruption issue was addressed with improved validation.

CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab

CoreAudio

Available for: macOS Catalina

Impact: an out-of-bounds read was addressed with improved input validation

Description: processing a maliciously crafted audio file may disclose restricted memory.

CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab

Entry added 21 July 2021

CoreGraphics

Available for: macOS Catalina

Impact: opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: a memory corruption issue was addressed with improved validation.

CVE-2021-1847: Xuwei Liu of Purdue University

CoreText

Available for: macOS Catalina

Impact: processing a maliciously crafted font may result in the disclosure of process memory

Description: a logic issue was addressed with improved state management.

CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab

curl

Available for: macOS Catalina

Impact: a malicious server may be able to disclose active services

Description: this issue was addressed with improved checks.

CVE-2020-8284: Marian Rehak

Entry added: 6 May 2021

curl

Available for: macOS Catalina

Impact: a remote attacker may be able to cause a denial of service

Description: a buffer overflow was addressed with improved input validation.

CVE-2020-8285: xnynx

curl

Available for: macOS Catalina

Impact: an attacker may provide a fraudulent OCSP response that would appear valid

Description: this issue was addressed with improved checks.

CVE-2020-8286: an anonymous researcher

DiskArbitration

Available for: macOS Catalina

Impact: a malicious application may be able to modify protected parts of the file system

Description: a permissions issue existed in DiskArbitration. This was addressed with additional ownership checks.

CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl (@theevilbit) of Offensive Security and an anonymous researcher

FontParser

Available for: macOS Catalina

Impact: processing a maliciously crafted font file may lead to arbitrary code execution

Description: an out-of-bounds read was addressed with improved input validation.

CVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab and Mickey Jin of Trend Micro

FontParser

Available for: macOS Catalina

Impact: processing a maliciously crafted font file may lead to arbitrary code execution

Description: a logic issue was addressed with improved state management.

CVE-2020-27942: an anonymous researcher

Foundation

Available for: macOS Catalina

Impact: a malicious application may be able to gain root privileges

Description: a validation issue was addressed with improved logic.

CVE-2021-1813: Cees Elzinga

Foundation

Available for: macOS Catalina

Impact: an application may be able to gain elevated privileges

Description: a memory corruption issue was addressed with improved validation.

CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)

ImageIO

Available for: macOS Catalina

Impact: processing a maliciously crafted image may lead to arbitrary code execution

Description: this issue was addressed with improved checks.

CVE-2021-1843: Ye Zhang of Baidu Security

ImageIO

Available for: macOS Catalina

Impact: an out-of-bounds write issue was addressed with improved bounds checking

Description: processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2021-1858: Mickey Jin and Qi Sun of Trend Micro (working with Trend Micro's Zero Day Initiative)

Entry added 21 July 2021

Intel Graphics Driver

Available for: macOS Catalina

Impact: a malicious application may be able to execute arbitrary code with kernel privileges

Description: an out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-1834: ABC Research s.r.o. (working with Trend Micro Zero Day Initiative)

Intel Graphics Driver

Available for: macOS Catalina

Impact: an out-of-bounds write issue was addressed with improved bounds checking

Description: a malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2021-1841: Jack Dates of RET2 Systems, Inc.

Entry added 21 July 2021

Kernel

Available for: macOS Catalina

Impact: a malicious application may be able to disclose kernel memory

Description: a memory initialisation issue was addressed with improved memory handling.

CVE-2021-1860: @0xalsr

Kernel

Available for: macOS Catalina

Impact: an application may be able to execute arbitrary code with kernel privileges

Description: a logic issue was addressed with improved state management.

CVE-2021-1851: @0xalsr

Kernel

Available for: macOS Catalina

Impact: a local attacker may be able to elevate their privileges

Description: a memory corruption issue was addressed with improved validation.

CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

Kernel

Available for: macOS Catalina

Impact: the issue was addressed with improved permissions logic

Description: copied files may not have the expected file permissions.

CVE-2021-1832: an anonymous researcher

Entry added 21 July 2021

libxpc

Available for: macOS Catalina

Impact: a malicious application may be able to gain root privileges

Description: a race condition was addressed with additional validation.

CVE-2021-30652: James Hutchins

libxslt

Available for: macOS Catalina

Impact: processing a maliciously crafted file may lead to heap corruption

Description: a double free issue was addressed with improved memory management.

CVE-2021-1875: found by OSS-Fuzz

Login Window

Available for: macOS Catalina

Impact: a malicious application with root privileges may be able to access private information

Description: this issue was addressed with improved entitlements.

CVE-2021-1824: Wojciech Reguła (@_r3ggi) of SecuRing

NSRemoteView

Available for: macOS Catalina

Impact: processing maliciously crafted web content may lead to arbitrary code execution

Description: a use after free issue was addressed with improved memory management.

CVE-2021-1876: Matthew Denton of Google Chrome

Preferences

Available for: macOS Catalina

Impact: a local user may be able to modify protected parts of the file system

Description: a parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)

smbx

Available for: macOS Catalina

Impact: an attacker in a privileged network position may be able to leak sensitive user information

Description: an integer overflow was addressed with improved input validation.

CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com)

System Preferences

Available for: macOS Catalina

Impact: a malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.

Description: a logic issue was addressed with improved state management.

CVE-2021-30657: Cedric Owens (@cedowens)

Entry added 27 April 2021, updated 30 April 2021

Tailspin

Available for: macOS Catalina

Impact: a local attacker may be able to elevate their privileges

Description: a logic issue was addressed with improved state management.

CVE-2021-1868: Tim Michaud of Zoom Communications

tcpdump

Available for: macOS Catalina

Impact: a remote attacker may be able to cause a denial of service

Description: this issue was addressed with improved checks.

CVE-2020-8037: an anonymous researcher

Time Machine

Available for: macOS Catalina

Impact: a local attacker may be able to elevate their privileges

Description: the issue was addressed with improved permissions logic.

CVE-2021-1839: Tim Michaud (@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc

Wi-Fi

Available for: macOS Catalina

Impact: an application may be able to cause an unexpected system termination or write kernel memory

Description: a memory corruption issue was addressed with improved validation.

CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

Wi-Fi

Available for: macOS Catalina

Impact: the issue was addressed with improved permissions logic

Description: an application may be able to execute arbitrary code with system privileges.

CVE-2021-30655: Gary Nield of ECSC Group plc and Tim Michaud (@TimGMichaud) of Zoom Video Communications, Wojciech Reguła (@_r3ggi) of SecuRing

Entry added 21 July 2021

wifivelocityd

Available for: macOS Catalina

Impact: an application may be able to execute arbitrary code with system privileges

Description: the issue was addressed with improved permissions logic.

CVE-2020-3838: Dayton Pidhirney (@_watbulb)

WindowServer

Available for: macOS Catalina

Impact: a malicious application may be able to unexpectedly leak a user's credentials from secure text fields

Description: an API issue in Accessibility TCC permissions was addressed with improved state management.

CVE-2021-1873: an anonymous researcher

Entry updated 27 April 2021

Additional recognition

CoreCrypto

We would like to acknowledge Andy Russon of Orange Group for their assistance.

Entry added: 6 May 2021

Intel Graphics Driver

We would like to acknowledge Jack Dates of RET2 Systems, Inc. for their assistance.

Entry added: 6 May 2021

Kernel

We would like to acknowledge Antonio Frighetto of Politecnico di Milano, GRIMM, Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng, Youjun Huang, Haixin Duan and an anonymous researcher for their assistance.

Entry added: 6 May 2021

Mail

We would like to acknowledge Petter Flink, SecOps of Bonnier News and an anonymous researcher for their assistance.

Entry added: 6 May 2021

Safari

We would like to acknowledge an anonymous researcher for their assistance.

Entry added: 6 May 2021

Security

We would like to acknowledge Xingwei Lin of Ant Security Light-Year Lab and john (@nyan_satan) for their assistance.

Entry added: 6 May 2021

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: