
Apple Security Update 2021-002 Catalina vulnerabilities

39 known vulnerabilities affecting apple/security_update_2021-002_catalina.

Total CVEs: 39
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 3, HIGH 22, MEDIUM 13, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2020-8286 | HIGH | CVSS 7.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: CoreText
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: A logic issue was addressed with improved state management.
apple
CVE-2021-1784 | HIGH | CVSS 7.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: DiskArbitration
Impact: A malicious application may be able to modify protected parts of the file system
Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks.
apple
CVE-2021-1847 | HIGH | CVSS 7.8 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: CoreGraphics
Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved validation.
apple
CVE-2021-1813 | HIGH | CVSS 7.8 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: Foundation
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
apple
CVE-2021-30652 | HIGH | CVSS 7.0 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: Kernel
Impact: The issue was addressed with improved permissions logic
Description: Copied files may not have the expected file permissions.
apple
CVE-2021-1857 | MEDIUM | CVSS 6.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: CFNetwork
Impact: Processing maliciously crafted web content may disclose sensitive user information
Description: A memory initialization issue was addressed with improved memory handling.
apple
CVE-2021-1873 | MEDIUM | CVSS 6.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: WindowServer
Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields
Description: An API issue in Accessibility TCC permissions was addressed with improved state management.
apple
CVE-2021-1740 | MEDIUM | CVSS 5.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: Preferences
Impact: A local user may be able to modify protected parts of the file system
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
apple
CVE-2021-1824 | MEDIUM | CVSS 4.4 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: Login Window
Impact: A malicious application with root privileges may be able to access private information
Description: This issue was addressed with improved entitlements.
apple
CVE-2021-30657 | MEDIUM | CVSS 5.5 | KEV | PoC | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: System Preferences
Impact: A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved state management.
apple
CVE-2021-1810 | MEDIUM | CVSS 5.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: Archive Utility
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.
apple
CVE-2021-1878 | MEDIUM | CVSS 6.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: Preferences
Impact: A local user may be able to modify protected parts of the file system
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
apple
CVE-2021-1797 | MEDIUM | CVSS 5.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: APFS
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
apple
CVE-2021-1846 | MEDIUM | CVSS 5.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: CoreAudio
Impact: An out-of-bounds read was addressed with improved input validation
Description: Processing a maliciously crafted audio file may disclose restricted memory.
apple
CVE-2021-1811 | MEDIUM | CVSS 6.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: CoreText
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: A logic issue was addressed with improved state management.
apple
CVE-2021-1739 | MEDIUM | CVSS 5.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: Preferences
Impact: A local user may be able to modify protected parts of the file system
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
apple
CVE-2021-1832 | MEDIUM | CVSS 5.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: Kernel
Impact: The issue was addressed with improved permissions logic
Description: Copied files may not have the expected file permissions.
apple
CVE-2021-1860 | MEDIUM | CVSS 6.5 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: Kernel
Impact: A malicious application may be able to disclose kernel memory
Description: A memory initialization issue was addressed with improved memory handling.
apple
CVE-2020-8284 | LOW | CVSS 3.7 | 2021-04-26
Apple Security Update: About the security content of Security Update 2021-002 Catalina
Product: Security Update 2021-002 Catalina
Component: CoreText
Impact: Processing a maliciously crafted font may result in the disclosure of process memory
Description: A logic issue was addressed with improved state management.
apple