Apple Security Update 2021-007 Catalina vulnerabilities

CVE-2021-30906 [HIGH] CVE-2021-30906: Security Update 2021-007 Catalina Apple Security Update: About the security content of Security Update 2021-007 Catalina Product: Security Update 2021-007 Catalina CVE: CVE-2021-30906 Component: FileProvider Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: An input validation issue was addressed with improved memory handling.

CVE-2021-30910 [MEDIUM] CVE-2021-30910: Security Update 2021-007 Catalina Apple Security Update: About the security content of Security Update 2021-007 Catalina Product: Security Update 2021-007 Catalina CVE: CVE-2021-30910 Component: Model I/O Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30911 [MEDIUM] CVE-2021-30911: Security Update 2021-007 Catalina Apple Security Update: About the security content of Security Update 2021-007 Catalina Product: Security Update 2021-007 Catalina CVE: CVE-2021-30911 Component: Model I/O Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30913 [MEDIUM] CVE-2021-30913: Security Update 2021-007 Catalina Apple Security Update: About the security content of Security Update 2021-007 Catalina Product: Security Update 2021-007 Catalina CVE: CVE-2021-30913 Component: SoftwareUpdate Impact: An unprivileged application may be able to edit NVRAM variables Description: A logic issue was addressed with improved restrictions.

CVE-2021-30892 [MEDIUM] CVE-2021-30892: Security Update 2021-007 Catalina Apple Security Update: About the security content of Security Update 2021-007 Catalina Product: Security Update 2021-007 Catalina CVE: CVE-2021-30892 Component: UIKit Impact: A person with physical access to a device may be able to determine characteristics of a user's password in a secure text entry field Description: A logic issue was addressed with improved state management.

CVE-2021-30833 [MEDIUM] CVE-2021-30833: Security Update 2021-007 Catalina Apple Security Update: About the security content of Security Update 2021-007 Catalina Product: Security Update 2021-007 Catalina CVE: CVE-2021-30833 Component: UIKit Impact: A person with physical access to a device may be able to determine characteristics of a user's password in a secure text entry field Description: A logic issue was addressed with improved state management.

CVE-2021-30912 [MEDIUM] CVE-2021-30912: Security Update 2021-007 Catalina Apple Security Update: About the security content of Security Update 2021-007 Catalina Product: Security Update 2021-007 Catalina CVE: CVE-2021-30912 Component: SoftwareUpdate Impact: A malicious application may gain access to a user's Keychain items Description: The issue was addressed with improved permissions logic.

CVE-2021-30905 [MEDIUM] CVE-2021-30905: Security Update 2021-007 Catalina Apple Security Update: About the security content of Security Update 2021-007 Catalina Product: Security Update 2021-007 Catalina CVE: CVE-2021-30905 Component: CoreAudio Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30915 [LOW] CVE-2021-30915: Security Update 2021-007 Catalina Apple Security Update: About the security content of Security Update 2021-007 Catalina Product: Security Update 2021-007 Catalina CVE: CVE-2021-30915 Component: UIKit Impact: A person with physical access to a device may be able to determine characteristics of a user's password in a secure text entry field Description: A logic issue was addressed with improved state management.