Apple macOS vulnerabilities

3,135 known vulnerabilities affecting apple/macos.

Total CVEs: 3,135
CISA KEV: 75 (actively exploited)
Public exploits: 44
Exploited in wild: 61
Severity breakdown: CRITICAL 203, HIGH 1362, MEDIUM 1421, LOW 149

Vulnerabilities

CVE-2021-30828 | MEDIUM | CVSS 5.5 | ≥ 11.0, < 11.6 | ≥ unspecified, < 11.6 | +1 more | 2021-10-19
CVE-2021-30828 [MEDIUM]: This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root.
nvd
CVE-2021-30850 | MEDIUM | CVSS 5.5 | ≥ 11.0, < 11.6 | ≥ unspecified, < 11.6 | +2 more | 2021-10-19
CVE-2021-30850 [MEDIUM]: An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system.
nvd
CVE-2021-22946 | HIGH | CVSS 7.5 | fixed in 12.3 | 2021-09-29
CVE-2021-22946 [HIGH] CWE-325: A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or `CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate re
nvd
CVE-2021-22947 | MEDIUM | CVSS 5.9 | fixed in 12.3 | 2021-09-29
CVE-2021-22947 [MEDIUM] CWE-310: When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trusting the responses it got *b
nvd
CVE-2021-22945 | CRITICAL | CVSS 9.1 | ≥ 12.0.0, < 12.3 | 2021-09-23
CVE-2021-22945 [CRITICAL] CWE-415: When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.
nvd
CVE-2021-39537 | HIGH | CVSS 8.8 | v11.7 | v13.0 | 2021-09-20
CVE-2021-39537 [HIGH] CWE-787: An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
nvd
CVE-2021-1882 | CRITICAL | CVSS 9.8 | ≥ 11.0, < 11.3 | ≥ unspecified, < 11.3 | +1 more | 2021-09-08
CVE-2021-1882 [CRITICAL] CWE-787: A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to gain elevated privileges.
nvd
CVE-2021-1770 | CRITICAL | CVSS 9.8 | ≥ 11.0, < 11.3 | ≥ unspecified, < 11.3 | 2021-09-08
CVE-2021-1770 [CRITICAL] CWE-119: A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management.
nvd
CVE-2021-30793 | CRITICAL | CVSS 9.8 | ≥ 11.0, < 11.5 | ≥ unspecified, < 11.5 | +1 more | 2021-09-08
CVE-2021-30793 [CRITICAL]: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2021-30805 | CRITICAL | CVSS 9.8 | ≥ 11.0, < 11.5 | ≥ unspecified, < 11.5 | +1 more | 2021-09-08
CVE-2021-30805 [CRITICAL] CWE-787: A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2021-30655 | CRITICAL | CVSS 9.8 | ≥ 11.0, < 11.3 | ≥ unspecified, < 11.3 | +1 more | 2021-09-08
CVE-2021-30655 [CRITICAL]: An application may be able to execute arbitrary code with system privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. The issue was addressed with improved permissions logic.
nvd
CVE-2021-1834 | CRITICAL | CVSS 9.8 | ≥ 11.0, < 11.3 | ≥ unspecified, < 11.3 | +1 more | 2021-09-08
CVE-2021-1834 [CRITICAL] CWE-787: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2021-1829 | CRITICAL | CVSS 9.8 | ≥ 11.0, < 11.3 | ≥ unspecified, < 11.3 | 2021-09-08
CVE-2021-1829 [CRITICAL] CWE-843: A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges.
nvd
CVE-2021-30678 | CRITICAL | CVSS 9.8 | ≥ 11.0, < 11.4 | ≥ unspecified, < 11.4 | +1 more | 2021-09-08
CVE-2021-30678 [CRITICAL]: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
nvd
CVE-2021-1828 | HIGH | CVSS 7.1 | ≥ 11.0, < 11.3 | ≥ unspecified, < 11.3 | +1 more | 2021-09-08
CVE-2021-1828 [HIGH] CWE-787: A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. An application may be able to cause unexpected system termination or write kernel memory.
nvd
CVE-2021-30676 | HIGH | CVSS 7.1 | ≥ 11.0, < 11.4 | ≥ unspecified, < 11.4 | +1 more | 2021-09-08
CVE-2021-30676 [HIGH]: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory.
nvd
CVE-2021-1839 | HIGH | CVSS 7.8 | ≥ 11.0, < 11.3 | ≥ unspecified, < 11.3 | +1 more | 2021-09-08
CVE-2021-1839 [HIGH] CWE-269: The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A local attacker may be able to elevate their privileges.
nvd
CVE-2021-30760 | HIGH | CVSS 7.8 | ≥ 11.0, < 11.5 | ≥ unspecified, < 11.5 | +3 more | 2021-09-08
CVE-2021-30760 [HIGH] CWE-190: An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.
nvd
CVE-2021-30698 | HIGH | CVSS 7.5 | ≥ 11.0, < 11.4 | ≥ unspecified, < 11.4 | +1 more | 2021-09-08
CVE-2021-30698 [HIGH] CWE-476: A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service.
nvd
CVE-2021-30775 | HIGH | CVSS 7.8 | fixed in 11.5 | ≥ unspecified, < 11.5 | +2 more | 2021-09-08
CVE-2021-30775 [HIGH] CWE-787: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution.
nvd