Apple Security Update 2021-003 Catalina vulnerabilities

CVE-2021-30721 [MEDIUM] CVE-2021-30721: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30721 Component: Security Impact: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code Description: Processing a maliciously crafted certificate may lead to arbitrary code execution.

CVE-2021-30702 [MEDIUM] CVE-2021-30702: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30702 Component: Login Window Impact: A person with physical access to a Mac may be able to bypass Login Window Description: A logic issue was addressed with improved state management.

CVE-2021-30723 [MEDIUM] CVE-2021-30723: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30723 Component: Model I/O Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An information disclosure issue was addressed with improved state management.

CVE-2021-30716 [MEDIUM] CVE-2021-30716: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30716 Component: Security Impact: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code Description: Processing a maliciously crafted certificate may lead to arbitrary code execution.

CVE-2021-1883 [MEDIUM] CVE-2021-1883: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-1883 Component: Heimdal Impact: Processing maliciously crafted server messages may lead to heap corruption Description: This issue was addressed with improved checks.

CVE-2021-30722 [MEDIUM] CVE-2021-30722: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30722 Component: Security Impact: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code Description: Processing a maliciously crafted certificate may lead to arbitrary code execution.

CVE-2021-30692 [MEDIUM] CVE-2021-30692: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30692 Component: Model I/O Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An information disclosure issue was addressed with improved state management.

CVE-2021-30687 [MEDIUM] CVE-2021-30687: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30687 Component: ImageIO Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30686 [MEDIUM] CVE-2021-30686: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30686 Component: CoreAudio Impact: An out-of-bounds read was addressed with improved bounds checking Description: Processing a maliciously crafted audio file may disclose restricted memory.

CVE-2021-30709 [MEDIUM] CVE-2021-30709: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30709 Component: Model I/O Impact: Processing a maliciously crafted USD file may disclose memory contents Description: This issue was addressed with improved checks.

CVE-2021-30695 [MEDIUM] CVE-2021-30695: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30695 Component: Model I/O Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30669 [MEDIUM] CVE-2021-30669: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30669 Component: AppleScript Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management.

CVE-2021-1884 [MEDIUM] CVE-2021-1884: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-1884 Component: Heimdal Impact: A remote attacker may be able to cause a denial of service Description: A race condition was addressed with improved locking.

CVE-2021-30819 [MEDIUM] CVE-2021-30819: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30819 Component: CVE-2021-30819

CVE-2021-30697 [MEDIUM] CVE-2021-30697: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30697 Component: Heimdal Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management.

CVE-2021-30705 [MEDIUM] CVE-2021-30705: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30705 Component: ImageIO Impact: Processing a maliciously crafted ASTC file may disclose memory contents Description: This issue was addressed with improved checks.

CVE-2021-30673 [MEDIUM] CVE-2021-30673: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30673 Component: Dock Impact: A malicious application may be able to access a user's call history Description: An access issue was addressed with improved access restrictions.

CVE-2021-30671 [LOW] CVE-2021-30671: Security Update 2021-003 Catalina Apple Security Update: About the security content of Security Update 2021-003 Catalina Product: Security Update 2021-003 Catalina CVE: CVE-2021-30671 Component: TCC Impact: A malicious application may be able to send unauthorized Apple events to Finder Description: A validation issue was addressed with improved logic.