Apple released new version of its operating systems and shared the security content for macOS Big Sur 11.4.
macOS 11.4
This is the longest page of security fixes I’ve seen from an OS update in a long time. I’ll share a few of the fixes here.
AppleScript
- Available for: macOS Big Sur
- Impact: A malicious application may bypass Gatekeeper checks
- Description: A logic issue was addressed with improved state management.
- CVE-2021-30669: Yair Hoffman
Core Services
- Available for: macOS Big Sur
- Impact: A malicious application may be able to gain root privileges
- Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
- CVE-2021-30681: Zhongcheng Li (CK01)
Dock
- Available for: macOS Big Sur
- Impact: A malicious application may be able to access a user’s call history
- Description: An access issue was addressed with improved access restrictions.
- CVE-2021-30673: Josh Parnham (@joshparnham)
Kernel
- Available for: macOS Big Sur
- Impact: A malicious application may be able to execute arbitrary code with kernel privileges
- Description: A logic issue was addressed with improved validation.
- CVE-2021-30740: Linus Henze (pinauten.de)