Apple Security Update 2021-008 Catalina vulnerabilities

CVE-2021-30995 [HIGH] CVE-2021-30995: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30995 Component: Preferences Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling.

CVE-2021-30971 [HIGH] CVE-2021-30971: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30971 Component: Model I/O Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30939 [HIGH] CVE-2021-30939: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30939 Component: ImageIO Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30958 [HIGH] CVE-2021-30958: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30958 Component: CoreAudio Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30935 [HIGH] CVE-2021-30935: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30935 Component: Bluetooth Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation.

CVE-2021-30945 [HIGH] CVE-2021-30945: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30945 Component: Crash Reporter Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks.

CVE-2021-30977 [HIGH] CVE-2021-30977: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30977 Component: Graphics Drivers Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30942 [HIGH] CVE-2021-30942: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30942 Component: ColorSync Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

CVE-2021-30969 [HIGH] CVE-2021-30969: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30969 Component: Help Viewer Impact: Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk Description: A path handling issue was addressed with improved validation.

CVE-2021-30979 [HIGH] CVE-2021-30979: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30979 Component: Model I/O Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30938 [HIGH] CVE-2021-30938: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30938 Component: Wi-Fi Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: This issue was addressed with improved checks.

CVE-2021-30981 [HIGH] CVE-2021-30981: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30981 Component: Intel Graphics Driver Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30927 [HIGH] CVE-2021-30927: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30927 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management.

CVE-2021-30949 [HIGH] CVE-2021-30949: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30949 Component: Kernel Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30975 [HIGH] CVE-2021-30975: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30975 Component: Script Editor Impact: A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions Description: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary.

CVE-2021-30980 [HIGH] CVE-2021-30980: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30980 Component: Kernel Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management.

CVE-2021-30937 [HIGH] CVE-2021-30937: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30937 Component: Kernel Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2021-30959 [MEDIUM] CVE-2021-30959: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30959 Component: CoreAudio Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30963 [MEDIUM] CVE-2021-30963: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30963 Component: CoreAudio Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30968 [MEDIUM] CVE-2021-30968: Security Update 2021-008 Catalina Apple Security Update: About the security content of Security Update 2021-008 Catalina Product: Security Update 2021-008 Catalina CVE: CVE-2021-30968 Component: Sandbox Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions.