About the security content of Security Update 2021-007 Catalina

This document describes the security content of Security Update 2021-007 Catalina.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

Security Update 2021-007 Catalina

AppKit

Available for: macOS Catalina

Impact: A malicious application may be able to elevate privileges

Description: A logic issue was addressed with improved state management.

CVE-2021-30873: Thijs Alkemade of Computest Research Division

AppleScript

Available for: macOS Catalina

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30876: Jeremy Brown, hjy79425575

CVE-2021-30879: Jeremy Brown, hjy79425575

CVE-2021-30877: Jeremy Brown

CVE-2021-30880: Jeremy Brown

Audio

Available for: macOS Catalina

Impact: A malicious application may be able to elevate privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30907: Zweig of Kunlun Lab

Bluetooth

Available for: macOS Catalina

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

ColorSync

Available for: macOS Catalina

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

CVE-2021-30926: Jeremy Brown

ColorSync

Available for: macOS Catalina

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.

CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

Continuity Camera

Available for: macOS Catalina

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An uncontrolled format string issue was addressed with improved input validation.

CVE-2021-30903: Gongyu Ma of Hangzhou Dianzi University

CoreAudio

Available for: macOS Catalina

Impact: Processing a malicious audio file may result in unexpected application termination or arbitrary code execution

Description: A logic issue was addressed with improved state management.

CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab

CoreAudio

Available for: macOS Catalina

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro

CoreGraphics

Available for: macOS Catalina

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30919: Apple

FileProvider

Available for: macOS Catalina

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: An input validation issue was addressed with improved memory handling.

CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360

iCloud

Available for: macOS Catalina

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30906: Cees Elzinga

Intel Graphics Driver

Available for: macOS Catalina

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.

CVE-2021-30922: Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1)

Intel Graphics Driver

Available for: macOS Catalina

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto

Intel Graphics Driver

Available for: macOS Catalina

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.

CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab, Jack Dates of RET2 Systems, Inc., Liu Long of Ant Security Light-Year Lab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab

IOGraphics

Available for: macOS Catalina

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video Communications

Kernel

Available for: macOS Catalina

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30909: Zweig of Kunlun Lab

Kernel

Available for: macOS Catalina

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30916: Zweig of Kunlun Lab

Model I/O

Available for: macOS Catalina

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro

Model I/O

Available for: macOS Catalina

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

SMB

Available for: macOS Catalina

Impact: A remote attacker may be able to leak memory

Description: A logic issue was addressed with improved state management.

CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs

SoftwareUpdate

Available for: macOS Catalina

Impact: An unprivileged application may be able to edit NVRAM variables

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30913: Kirin(@Pwnrin) and chenyuwang(@mzzzz__) of Tencent Security Xuanwu Lab

SoftwareUpdate

Available for: macOS Catalina

Impact: A malicious application may gain access to a user's Keychain items

Description: The issue was addressed with improved permissions logic.

CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

UIKit

Available for: macOS Catalina

Impact: A person with physical access to a device may be able to determine characteristics of a user's password in a secure text entry field

Description: A logic issue was addressed with improved state management.

CVE-2021-30915: Kostas Angelopoulos

xar

Available for: macOS Catalina

Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files

Description: This issue was addressed with improved checks.

CVE-2021-30833: Richard Warren of NCC Group

zsh

Available for: macOS Catalina

Impact: A malicious application may be able to modify protected parts of the file system

Description: An inherited permissions issue was addressed with additional restrictions.

CVE-2021-30892: Jonathan Bar Or of Microsoft

Additional recognition

iCloud

We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.