Apple Security Update 2021-004 Mojave vulnerabilities

CVE-2020-36230 [HIGH] CVE-2020-36230: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2020-36230 Component: CVE-2020-36230

CVE-2021-30676 [HIGH] CVE-2021-30676: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30676 Component: AMD Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A logic issue was addressed with improved state management.

CVE-2021-30693 [HIGH] CVE-2021-30693: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30693 Component: Model I/O Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A validation issue was addressed with improved logic.

CVE-2021-30681 [HIGH] CVE-2021-30681: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30681 Component: Core Services Impact: A malicious application may be able to gain root privileges Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2020-36225 [HIGH] CVE-2020-36225: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2020-36225 Component: CVE-2020-36225

CVE-2021-30683 [HIGH] CVE-2021-30683: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30683 Component: Heimdal Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A use after free issue was addressed with improved memory management.

CVE-2020-36229 [HIGH] CVE-2020-36229: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2020-36229 Component: CVE-2020-36229

CVE-2021-30735 [HIGH] CVE-2021-30735: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30735 Component: Graphics Drivers Impact: An out-of-bounds write issue was addressed with improved bounds checking Description: A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30726 [HIGH] CVE-2021-30726: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30726 Component: Intel Graphics Driver Impact: An out-of-bounds write issue was addressed with improved bounds checking Description: A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30691 [MEDIUM] CVE-2021-30691: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30691 Component: Model I/O Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An information disclosure issue was addressed with improved state management.

CVE-2021-30819 [MEDIUM] CVE-2021-30819: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30819 Component: CVE-2021-30819

CVE-2021-30669 [MEDIUM] CVE-2021-30669: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30669 Component: AppleScript Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management.

CVE-2021-30697 [MEDIUM] CVE-2021-30697: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30697 Component: Heimdal Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management.

CVE-2021-30723 [MEDIUM] CVE-2021-30723: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30723 Component: Model I/O Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An information disclosure issue was addressed with improved state management.

CVE-2021-30696 [MEDIUM] CVE-2021-30696: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30696 Component: Mail Impact: A logic issue was addressed with improved state management Description: An attacker in a privileged network position may be able to misrepresent application state.

CVE-2021-30709 [MEDIUM] CVE-2021-30709: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30709 Component: Model I/O Impact: Processing a maliciously crafted USD file may disclose memory contents Description: This issue was addressed with improved checks.

CVE-2021-30716 [MEDIUM] CVE-2021-30716: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30716 Component: Security Impact: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code Description: Processing a maliciously crafted certificate may lead to arbitrary code execution.

CVE-2021-1884 [MEDIUM] CVE-2021-1884: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-1884 Component: Heimdal Impact: A remote attacker may be able to cause a denial of service Description: A race condition was addressed with improved locking.

CVE-2021-30721 [MEDIUM] CVE-2021-30721: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30721 Component: Security Impact: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code Description: Processing a maliciously crafted certificate may lead to arbitrary code execution.

CVE-2021-30738 [MEDIUM] CVE-2021-30738: Security Update 2021-004 Mojave Apple Security Update: About the security content of Security Update 2021-004 Mojave Product: Security Update 2021-004 Mojave CVE: CVE-2021-30738 Component: PackageKit Impact: An issue with path validation logic for hardlinks was addressed with improved path sanitization Description: A malicious application may be able to overwrite arbitrary files.