Apple Security Update 2021-004 Mojave vulnerabilities

CVE-2021-30678 [CRITICAL] CVE-2021-30678: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30678 Component: AMD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management.

CVE-2021-30690 [CRITICAL] CVE-2021-30690: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30690 Component: AMD Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management.

CVE-2021-30712 [HIGH] CVE-2021-30712: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30712 Component: Security Impact: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code Description: Processing a maliciously crafted certificate may lead to arbitrary code execution.

CVE-2021-30728 [HIGH] CVE-2021-30728: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30728 Component: Intel Graphics Driver Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30679 [HIGH] CVE-2021-30679: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30679 Component: NSOpenPanel Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code.

CVE-2020-36222 [HIGH] CVE-2020-36222: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2020-36222 Component: CVE-2020-36222

CVE-2021-30737 [HIGH] CVE-2021-30737: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30737 Component: Security Impact: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code Description: Processing a maliciously crafted certificate may lead to arbitrary code execution.

CVE-2020-36223 [HIGH] CVE-2020-36223: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2020-36223 Component: CVE-2020-36223

CVE-2021-30710 [HIGH] CVE-2021-30710: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30710 Component: Heimdal Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management.

CVE-2020-36221 [HIGH] CVE-2020-36221: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2020-36221 Component: CVE-2020-36221

CVE-2021-30724 [HIGH] CVE-2021-30724: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30724 Component: CVMS Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks.

CVE-2021-30739 [HIGH] CVE-2021-30739: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30739 Component: Kernel Impact: A memory corruption issue was addressed with improved validation Description: A local attacker may be able to elevate their privileges.

CVE-2021-30717 [HIGH] CVE-2021-30717: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30717 Component: Security Impact: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code Description: Processing a maliciously crafted certificate may lead to arbitrary code execution.

CVE-2020-36227 [HIGH] CVE-2020-36227: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2020-36227 Component: CVE-2020-36227

CVE-2020-36228 [HIGH] CVE-2020-36228: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2020-36228 Component: CVE-2020-36228

CVE-2021-30708 [HIGH] CVE-2021-30708: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30708 Component: Model I/O Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation.

CVE-2020-36226 [HIGH] CVE-2020-36226: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2020-36226 Component: CVE-2020-36226

CVE-2021-30725 [HIGH] CVE-2021-30725: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30725 Component: Model I/O Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management.

CVE-2020-36224 [HIGH] CVE-2020-36224: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2020-36224 Component: CVE-2020-36224

CVE-2021-30704 [HIGH] CVE-2021-30704: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30704 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management.