Apple Security Update 2021-002 Catalina vulnerabilities

CVE-2021-1834 [CRITICAL] CVE-2021-1834: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1834 Component: Intel Graphics Driver Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30655 [CRITICAL] CVE-2021-30655: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-30655 Component: Wi-Fi Impact: The issue was addressed with improved permissions logic Description: An application may be able to execute arbitrary code with system privileges.

CVE-2021-1882 [CRITICAL] CVE-2021-1882: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1882 Component: Foundation Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1839 [HIGH] CVE-2021-1839: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1839 Component: Time Machine Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic.

CVE-2021-1841 [HIGH] CVE-2021-1841: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1841 Component: Intel Graphics Driver Impact: An out-of-bounds write issue was addressed with improved bounds checking Description: A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2021-1828 [HIGH] CVE-2021-1828: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1828 Component: Wi-Fi Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1808 [HIGH] CVE-2021-1808: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1808 Component: Audio Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation.

CVE-2020-3838 [HIGH] CVE-2020-3838: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2020-3838 Component: Wi-Fi Impact: The issue was addressed with improved permissions logic Description: An application may be able to execute arbitrary code with system privileges.

CVE-2021-1858 [HIGH] CVE-2021-1858: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1858 Component: ImageIO Impact: An out-of-bounds write issue was addressed with improved bounds checking Description: Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2021-1881 [HIGH] CVE-2021-1881: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1881 Component: FontParser Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-1809 [HIGH] CVE-2021-1809: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1809 Component: CoreAudio Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1876 [HIGH] CVE-2021-1876: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1876 Component: NSRemoteView Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2020-27942 [HIGH] CVE-2020-27942: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2020-27942 Component: FontParser Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management.

CVE-2021-1868 [HIGH] CVE-2021-1868: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1868 Component: Tailspin Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management.

CVE-2021-1851 [HIGH] CVE-2021-1851: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1851 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management.

CVE-2020-8285 [HIGH] CVE-2020-8285: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2020-8285 Component: CoreText Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management.

CVE-2021-1843 [HIGH] CVE-2021-1843: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1843 Component: ImageIO Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks.

CVE-2021-1840 [HIGH] CVE-2021-1840: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1840 Component: Kernel Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation.

CVE-2021-1875 [HIGH] CVE-2021-1875: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2021-1875 Component: Kernel Impact: The issue was addressed with improved permissions logic Description: Copied files may not have the expected file permissions.

CVE-2020-8037 [HIGH] CVE-2020-8037: Security Update 2021-002 Catalina Apple Security Update: About the security content of Security Update 2021-002 Catalina Product: Security Update 2021-002 Catalina CVE: CVE-2020-8037 Component: Tailspin Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management.