Apple Security Update 2021-003 Catalina vulnerabilities

CVE-2021-30678 [CRITICAL] CVE-2021-30678: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30678 Component: AMD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management.

CVE-2020-36227 [HIGH] CVE-2020-36227: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2020-36227 Component: CVE-2020-36227

CVE-2020-36226 [HIGH] CVE-2020-36226: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2020-36226 Component: CVE-2020-36226

CVE-2020-36221 [HIGH] CVE-2020-36221: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2020-36221 Component: CVE-2020-36221

CVE-2020-36230 [HIGH] CVE-2020-36230: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2020-36230 Component: CVE-2020-36230

CVE-2021-30710 [HIGH] CVE-2021-30710: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30710 Component: Heimdal Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30743 [HIGH] CVE-2021-30743: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30743 Component: ImageIO Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation.

CVE-2020-36225 [HIGH] CVE-2020-36225: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2020-36225 Component: CVE-2020-36225

CVE-2021-30735 [HIGH] CVE-2021-30735: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30735 Component: Graphics Drivers Impact: An out-of-bounds write issue was addressed with improved bounds checking Description: A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2020-36224 [HIGH] CVE-2020-36224: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2020-36224 Component: CVE-2020-36224

CVE-2021-30681 [HIGH] CVE-2021-30681: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30681 Component: Core Services Impact: A malicious application may be able to gain root privileges Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2021-30684 [HIGH] CVE-2021-30684: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30684 Component: Graphics Drivers Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management.

CVE-2021-30679 [HIGH] CVE-2021-30679: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30679 Component: NSOpenPanel Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code.

CVE-2021-30688 [HIGH] CVE-2021-30688: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30688 Component: App Store Impact: A path handling issue was addressed with improved validation Description: A malicious application may be able to break out of its sandbox.

CVE-2021-30717 [HIGH] CVE-2021-30717: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30717 Component: Security Impact: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code Description: Processing a maliciously crafted certificate may lead to arbitrary code execution.

CVE-2020-36229 [HIGH] CVE-2020-36229: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2020-36229 Component: CVE-2020-36229

CVE-2021-30708 [HIGH] CVE-2021-30708: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30708 Component: Model I/O Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30725 [HIGH] CVE-2021-30725: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30725 Component: Model I/O Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30712 [HIGH] CVE-2021-30712: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30712 Component: Security Impact: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code Description: Processing a maliciously crafted certificate may lead to arbitrary code execution.

CVE-2021-30737 [HIGH] CVE-2021-30737: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30737 Component: Security Impact: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code Description: Processing a maliciously crafted certificate may lead to arbitrary code execution.