
===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0349
          macOS Big Sur 11.2, Security Update 2021-001 Catalina,
                      Security Update 2021-001 Mojave
                              2 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           macOS Big Sur
                   macOS Catalina
                   macOS Mojave
Publisher:         Apple
Operating System:  Mac OS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Arbitrary Files          -- Existing Account            
                   Create Arbitrary Files          -- Existing Account            
                   Denial of Service               -- Remote/Unauthenticated      
                   Access Confidential Data        -- Existing Account            
                   Unauthorised Access             -- Remote with User Interaction
                   Reduced Security                -- Unknown/Unspecified         
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1871 CVE-2021-1870 CVE-2021-1818
                   CVE-2021-1802 CVE-2021-1801 CVE-2021-1799
                   CVE-2021-1797 CVE-2021-1793 CVE-2021-1792
                   CVE-2021-1791 CVE-2021-1790 CVE-2021-1789
                   CVE-2021-1788 CVE-2021-1787 CVE-2021-1786
                   CVE-2021-1785 CVE-2021-1783 CVE-2021-1782
                   CVE-2021-1779 CVE-2021-1778 CVE-2021-1777
                   CVE-2021-1776 CVE-2021-1775 CVE-2021-1774
                   CVE-2021-1773 CVE-2021-1772 CVE-2021-1771
                   CVE-2021-1769 CVE-2021-1768 CVE-2021-1767
                   CVE-2021-1766 CVE-2021-1765 CVE-2021-1764
                   CVE-2021-1763 CVE-2021-1762 CVE-2021-1761
                   CVE-2021-1760 CVE-2021-1759 CVE-2021-1758
                   CVE-2021-1757 CVE-2021-1754 CVE-2021-1753
                   CVE-2021-1751 CVE-2021-1750 CVE-2021-1747
                   CVE-2021-1746 CVE-2021-1745 CVE-2021-1744
                   CVE-2021-1743 CVE-2021-1742 CVE-2021-1741
                   CVE-2021-1738 CVE-2021-1737 CVE-2021-1736
                   CVE-2020-29633 CVE-2020-29614 CVE-2020-29608
                   CVE-2020-27945 CVE-2020-27938 CVE-2020-27937
                   CVE-2020-27904 CVE-2020-25709 CVE-2020-15358
                   CVE-2020-14155 CVE-2019-20838 

Reference:         ESB-2021.0300
                   ESB-2021.0299
                   ESB-2021.0298
                   ESB-2021.0196

Original Bulletin: 
   https://support.apple.com/en-gb/HT212147

Comment: Apple is aware of a report that CVE-2021-1871 and CVE-2021-1870 may have been actively exploited.

--------------------------BEGIN INCLUDED TEXT--------------------

macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001
Mojave

Released February 1, 2021

Analytics

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2021-1761: Cees Elzinga

APFS

Available for: macOS Big Sur 11.0.1

Impact: A local user may be able to read arbitrary files

Description: The issue was addressed with improved permissions logic.

CVE-2021-1797: Thomas Tempelmann

CFNetwork Cache

Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6

Impact: Processing maliciously crafted web content may lead to arbitrary code
execution

Description: An integer overflow was addressed with improved input validation.

CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team

CoreAnimation

Available for: macOS Big Sur 11.0.1

Impact: A malicious application could execute arbitrary code leading to
compromise of user information

Description: A memory corruption issue was addressed with improved state
management.

CVE-2021-1760: @S0rryMybad of 360 Vulcan Team

CoreAudio

Available for: macOS Big Sur 11.0.1

Impact: Processing maliciously crafted web content may lead to code execution

Description: An out-of-bounds write was addressed with improved input
validation.

CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab

CoreGraphics

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: Processing a maliciously crafted font file may lead to arbitrary code
execution

Description: An out-of-bounds write issue was addressed with improved bounds
checking.

CVE-2021-1776: Ivan Fratric of Google Project Zero

CoreMedia

Available for: macOS Big Sur 11.0.1

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: An out-of-bounds read was addressed with improved input
validation.

CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT

CoreText

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: Processing a maliciously crafted text file may lead to arbitrary code
execution

Description: A stack overflow was addressed with improved input validation.

CVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro's Zero Day
Initiative

CoreText

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: A remote attacker may be able to cause arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro's
Zero Day Initiative

Crash Reporter

Available for: macOS Catalina 10.15.7

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2021-1761: Cees Elzinga

Crash Reporter

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: A local attacker may be able to elevate their privileges

Description: Multiple issues were addressed with improved logic.

CVE-2021-1787: James Hutchins

Crash Reporter

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: A local user may be able to create or modify system files

Description: A logic issue was addressed with improved state management.

CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security

Directory Utility

Available for: macOS Catalina 10.15.7

Impact: A malicious application may be able to access private information

Description: A logic issue was addressed with improved state management.

CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing

Endpoint Security

Available for: macOS Catalina 10.15.7

Impact: A local attacker may be able to elevate their privileges

Description: A logic issue was addressed with improved state management.

CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response Center

FairPlay

Available for: macOS Big Sur 11.0.1

Impact: A malicious application may be able to disclose kernel memory

Description: An out-of-bounds read issue existed that led to the disclosure of
kernel memory. This was addressed with improved input validation.

CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro working
with Trend Micro's Zero Day Initiative

FontParser

Available for: macOS Catalina 10.15.7

Impact: Processing a maliciously crafted font may lead to arbitrary code
execution

Description: An out-of-bounds read was addressed with improved input
validation.

CVE-2021-1790: Peter Nguyen Vu Hoang of STAR Labs

FontParser

Available for: macOS Mojave 10.14.6

Impact: Processing a maliciously crafted font may lead to arbitrary code
execution

Description: This issue was addressed by removing the vulnerable code.

CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro

FontParser

Available for: macOS Mojave 10.14.6

Impact: A remote attacker may be able to leak memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab

FontParser

Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7

Impact: A remote attacker may be able to cause arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1758: Peter Nguyen of STAR Labs

ImageIO

Available for: macOS Big Sur 11.0.1

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: An access issue was addressed with improved memory management.

CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab

ImageIO

Available for: macOS Big Sur 11.0.1

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro's
Zero Day Initiative, Xingwei Lin of Ant Security Light-Year Lab


ImageIO

Available for: macOS Big Sur 11.0.1

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: A logic issue was addressed with improved state management.

CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab

ImageIO

Available for: macOS Big Sur 11.0.1

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: An out-of-bounds read issue existed in the curl. This issue was
addressed with improved bounds checking.

CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab

ImageIO

Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: An out-of-bounds read was addressed with improved input
validation.

CVE-2021-1736: Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab

ImageIO

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: This issue was addressed with improved checks.

CVE-2021-1766: Danny Rosseau of Carve Systems

ImageIO

Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7

Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution

Description: A logic issue was addressed with improved state management.

CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab

ImageIO

Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: This issue was addressed with improved checks.

CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant Security
Light-Year Lab

CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab

ImageIO

Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: An out-of-bounds write was addressed with improved input
validation.

CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-1738: Lei Sun

CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab

IOKit

Available for: macOS Big Sur 11.0.1

Impact: An application may be able to execute arbitrary code with system
privileges

Description: A logic error in kext loading was addressed with improved state
handling.

CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security

IOSkywalkFamily

Available for: macOS Big Sur 11.0.1

Impact: A local attacker may be able to elevate their privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security, Proteas

Kernel

Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6

Impact: An application may be able to execute arbitrary code with kernel
privileges

Description: A logic issue existed resulting in memory corruption. This was
addressed with improved state management.

CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

Kernel

Available for: macOS Big Sur 11.0.1

Impact: A remote attacker may be able to cause a denial of service

Description: A use after free issue was addressed with improved memory
management.

CVE-2021-1764: @m00nbsd

Kernel

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: A malicious application may be able to elevate privileges. Apple is
aware of a report that this issue may have been actively exploited.

Description: A race condition was addressed with improved locking.

CVE-2021-1782: an anonymous researcher

Kernel

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: An application may be able to execute arbitrary code with kernel
privileges

Description: Multiple issues were addressed with improved logic.

CVE-2021-1750: @0xalsr

Login Window

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: An attacker in a privileged network position may be able to bypass
authentication policy

Description: An authentication issue was addressed with improved state
management.

CVE-2020-29633: Jewel Lambert of Original Spin, LLC.

Messages

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: A user that is removed from an iMessage group could rejoin the group

Description: This issue was addressed with improved checks.

CVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)

Model I/O

Available for: macOS Big Sur 11.0.1

Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution

Description: An out-of-bounds write was addressed with improved input
validation.

CVE-2021-1762: Mickey Jin of Trend Micro

Model I/O

Available for: macOS Catalina 10.15.7

Impact: Processing a maliciously crafted file may lead to heap corruption

Description: This issue was addressed with improved checks.

CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab

Model I/O

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro's Zero Day
Initiative

Model I/O

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: Processing a maliciously crafted image may lead to heap corruption

Description: This issue was addressed with improved checks.

CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro's
Zero Day Initiative

Model I/O

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input
validation.

CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro's
Zero Day Initiative

Model I/O

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro's Zero Day
Initiative

Model I/O

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro's
Zero Day Initiative

NetFSFramework

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: Mounting a maliciously crafted Samba network share may lead to
arbitrary code execution

Description: A logic issue was addressed with improved state management.

CVE-2021-1751: Mikko Kenttälä (@Turmio_) of SensorFu

OpenLDAP

Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave
10.14.6

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2020-25709

Power Management

Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7

Impact: A malicious application may be able to elevate privileges

Description: A logic issue was addressed with improved state management.

CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan

Screen Sharing

Available for: macOS Big Sur 11.0.1

Impact: Multiple issues in pcre

Description: Multiple issues were addressed by updating to version 8.44.

CVE-2019-20838

CVE-2020-14155

SQLite

Available for: macOS Catalina 10.15.7

Impact: Multiple issues in SQLite

Description: Multiple issues were addressed by updating SQLite to version
3.32.3.

CVE-2020-15358

Swift

Available for: macOS Big Sur 11.0.1

Impact: A malicious attacker with arbitrary read and write capability may be
able to bypass Pointer Authentication

Description: A logic issue was addressed with improved validation.

CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs

WebKit

Available for: macOS Big Sur 11.0.1

Impact: Processing maliciously crafted web content may lead to arbitrary code
execution

Description: A use after free issue was addressed with improved memory
management.

CVE-2021-1788: Francisco Alonso (@revskills)

WebKit

Available for: macOS Big Sur 11.0.1

Impact: Maliciously crafted web content may violate iframe sandboxing policy

Description: This issue was addressed with improved iframe sandbox enforcement.

CVE-2021-1765: Eliya Stein of Confiant

CVE-2021-1801: Eliya Stein of Confiant

WebKit

Available for: macOS Big Sur 11.0.1

Impact: Processing maliciously crafted web content may lead to arbitrary code
execution

Description: A type confusion issue was addressed with improved state handling.

CVE-2021-1789: @S0rryMybad of 360 Vulcan Team

WebKit

Available for: macOS Big Sur 11.0.1

Impact: A remote attacker may be able to cause arbitrary code execution. Apple
is aware of a report that this issue may have been actively exploited.

Description: A logic issue was addressed with improved restrictions.

CVE-2021-1871: an anonymous researcher

CVE-2021-1870: an anonymous researcher

WebRTC

Available for: macOS Big Sur 11.0.1

Impact: A malicious website may be able to access restricted ports on arbitrary
servers

Description: A port redirection issue was addressed with additional port
validation.

CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy
Kamkar


Additional recognition

Kernel

We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of
Trend Micro for their assistance.

libpthread

We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for
their assistance.

Login Window

We would like to acknowledge Jose Moises Romero-Villanueva of CrySolve for
their assistance.

Mail Drafts

We would like to acknowledge Jon Bottarini of HackerOne for their assistance.

Screen Sharing Server

We would like to acknowledge @gorelics for their assistance.

WebRTC

We would like to acknowledge Philipp Hancke for their assistance.

Information about products not manufactured by Apple, or independent websites
not controlled or tested by Apple, is provided without recommendation or
endorsement. Apple assumes no responsibility with regard to the selection,
performance, or use of third-party websites or products. Apple makes no
representations regarding third-party website accuracy or reliability. Contact
the vendor for additional information.

Published Date: February 01, 2021

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================