-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-12-15-4 Security Update 2021-008 Catalina

Security Update 2021-008 Catalina addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212981.

Archive Utility
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30950: @gorelics

Bluetooth
Available for: macOS Catalina
Impact: A malicious application may be able to disclose kernel memory
Description: A logic issue was addressed with improved validation.
CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America

Bluetooth
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30935: an anonymous researcher

ColorSync
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue in the processing of ICC
profiles was addressed with improved input validation.
CVE-2021-30942: Mateusz Jurczyk of Google Project Zero

CoreAudio
Available for: macOS Catalina
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

CoreAudio
Available for: macOS Catalina
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab
CVE-2021-30961: an anonymous researcher
CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab

Crash Reporter
Available for: macOS Catalina
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

Graphics Drivers
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-30977: Jack Dates of RET2 Systems, Inc.

Help Viewer
Available for: macOS Catalina
Impact: Processing a maliciously crafted URL may cause unexpected
JavaScript execution from a file on disk
Description: A path handling issue was addressed with improved
validation.
CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)

ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab, Mickey Jin (@patch1t) of Trend Micro

Intel Graphics Driver
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-30981: an anonymous researcher, Liu Long of Ant Security
Light-Year Lab

IOUSBHostFamily
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application
termination or heap corruption
Description: A race condition was addressed with improved locking.
CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC
Riverside, and Yu Wang of Didi Research America

Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30927: Xinru Chi of Pangu Lab
CVE-2021-30980: Xinru Chi of Pangu Lab

Kernel
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2021-30937: Sergei Glazunov of Google Project Zero

Kernel
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30949: Ian Beer of Google Project Zero

LaunchServices
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved validation.
CVE-2021-30990: Ron Masas of BreakPoint.sh

LaunchServices
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent
Security Xuanwu Lab

Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab

Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro

Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab

Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security

Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security

Preferences
Available for: macOS Catalina
Impact: A malicious application may be able to elevate privileges
Description: A race condition was addressed with improved state
handling.
CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin
(@patch1t)

Sandbox
Available for: macOS Catalina
Impact: A malicious application may be able to bypass certain Privacy
preferences
Description: A validation issue related to hard link behavior was
addressed with improved sandbox restrictions.
CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security

Script Editor
Available for: macOS Catalina
Impact: A malicious OSAX scripting addition may bypass Gatekeeper
checks and circumvent sandbox restrictions
Description: This issue was addressed by disabling execution of
JavaScript when viewing a scripting dictionary.
CVE-2021-30975: Ryan Pickren (ryanpickren.com)

TCC
Available for: macOS Catalina
Impact: A local user may be able to modify protected parts of the
file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30767: @gorelics

TCC
Available for: macOS Catalina
Impact: A malicious application may be able to cause a denial of
service to Endpoint Security clients
Description: A logic issue was addressed with improved state
management.
CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security

Wi-Fi
Available for: macOS Catalina
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: This issue was addressed with improved checks.
CVE-2021-30938: Xinru Chi of Pangu Lab

Additional recognition

Admin Framework
We would like to acknowledge Simon Andersen of Aarhus University and
Pico Mitchell for their assistance.

ColorSync
We would like to acknowledge Mateusz Jurczyk of Google Project Zero
for their assistance.

Contacts
We would like to acknowledge Minchan Park (03stin) for their
assistance.

Kernel
We would like to acknowledge Amit Klein of Bar-Ilan University's
Center for Research in Applied Cryptography and Cyber Security for
their assistance.

Model I/O
We would like to acknowledge Rui Yang and Xingwei Lin of Ant Security
Light-Year Lab for their assistance.

Installation note:
This update may be obtained from the Mac App Store

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UncACgkQeC9qKD1p
rhjGSBAAoeUkEMVuTZr0ZVlGyC5t9WhyhwA61KTb175rNIYhcZcIXHrNyNZjoSem
+clW2k6Cjr4p9pc9aP7JLT47C+FKTQ1zh2FujC2OOsCXm2Wl8hJWS7FIYwpjEXrx
ZtklOX826rmYIXrQ4YJhpDgwiIjA8bL8oiRHIA3jz3ZcWsSIg8aFJos+8hkSE7zc
dvDnhKTBA02u9TkCMR5Wr+jTnWWT6qyKj99WYxdRlVPkNNOHQC0AldYSkItHCdtg
xEx5/3T4zTi1AqCikb1avzPhKSgFHQyZ9BSxVHkcGIo4bgK4Wxlmb6I2/qi9PB6E
dJMbwsXKtFxY25GzYbPMeTDeIXeF2wBWfgwUau6kkL77xUXrQZjxh3K2goxnkuid
ZRWMhmXZ38NcnkLgYVB8mN3db2/hcgi8+G682Z9EKyzUWpQz+szpZ8pxuIVGcTPV
visbanyF6jfLrWrIgrRPfPini/hph51BGZuo2+2aQis/ULgtfvMGTvbirIjP0fa/
AatIMHkYm9EgvjWLLoaFUWMEIAsbkC/YUe3SLVti9h+3Z+jQ+Wbu+6vQhgKHFdC/
cnqcvYCLL/Ltx1ukw4GJD/e+I8F2eY5aRpMxDd4FCjLW2BVxm+JJE+CXcG54HHXX
+TY9buDFMorLtIjGaCnQf/5cUo/K2ExhFT8689VkdkPUI8VCBAQ=EWN0
-----END PGP SIGNATURE-----