macOS 12.0.1 Monterey Patches Various Security Problems

macOS 12.0.1 Monterey Patches Various Security Problems

The latest version of macOS doesn’t just bring us new features like Focus mode, Shortcuts, and Live Text. There are also quite a few security exploits fixed by macOS 12.0.1 Monterey, including some within iCloud, Game Center, and the audio and graphics drivers.

macOS 12.0.1 Monterey Security Notes

Here are some of the issues resolved by macOS 12.0.1 Monterey. All of these patches are available for Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), and iMac Pro (2017 and later)

AppKit

Impact: A malicious application may be able to elevate privileges

Description: A logic issue was addressed with improved state management.

CVE-2021-30873: Thijs Alkemade of Computest

AppleScript

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30876 and CVE-2021-30879: Jeremy Brown, hjy79425575

CVE-2021-30877 and CVE-2021-30880: Jeremy Brown

Audio

Impact: A malicious application may be able to elevate privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30907: Zweig of Kunlun Lab

Bluetooth

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30899: Weiteng Chen, Zheng Zhang and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

ColorSync

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.

CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

Continuity Camera

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30903: an anonymous researcher

CoreAudio

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro

CoreGraphics

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30919

FileProvider

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: An input validation issue was addressed with improved memory handling.

CVE-2021-30881: Simon Huang and pjf of IceSword Lab of Qihoo 360

Game Center

Issue #1:

Impact: A malicious application may be able to access information about a user’s contacts

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30895: Denis Tokarev

Issue #2:

Impact: A malicious application may be able to read user’s gameplay data

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30896: Denis Tokarev

iCloud

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30906: Cees Elzinga

Intel Graphics Driver

Issue #1:

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30824: Antonio Zekic of Diverto

Issue #2:

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.

CVE-2021-30901: Zuozhi Fan of Ant Security TianQiong Lab, Yinyi Wu of Ant Security Light-Year Lab, Jack Dates of RET2 Systems, Inc.

IOGraphics

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30821: Tim Michaud of Zoom Video Communications

IOMobileFrameBuffer

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30883: an anonymous researcher

Kernel

Issue #1:

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30886: @0xalsr

Issue #2:

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30909: Zweig of Kunlun Lab

Issue #3:

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30916: Zweig of Kunlun Lab

LaunchServices

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved state management.

CVE-2021-30864: Ron Hass of Perception Point

Login Window

Impact: A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS

Description: This issue was addressed with improved checks.

CVE-2021-30813: Benjamin Berger of BBetterTech LLC, Peter Goedtkindt of Informatique-MTF S.A., an anonymous researcher

Model I/O

Issue #1:

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro

Issue #2:

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

Sandbox

Impact: A local attacker may be able to read sensitive information

Description: A permissions issue was addressed with improved validation.

CVE-2021-30920: Csaba Fitzl of Offensive Security

SMB

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs

SoftwareUpdate

Issue #1:

Impact: A malicious application may gain access to a user’s Keychain items

Description: The issue was addressed with improved permissions logic.

CVE-2021-30912: Kirin and chenyuwang of Tencent Security Xuanwu Lab

Issue #2”

Impact: An unprivileged application may be able to edit NVRAM variables

Description: The issue was addressed with improved permissions logic.

CVE-2021-30913: Kirin and chenyuwang of Tencent Security Xuanwu Lab

UIKit

Impact: A person with physical access to an iOS device may be determine characteristics of a user’s password in a secure text entry field

Description: A logic issue was addressed with improved state management.

CVE-2021-30915: Kostas Angelopoulos

WebKit

Issue #1:

Impact: An attacker in a privileged network position may be able to bypass HSTS

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30823: David Gullasch of Recurity Labs

Issue #2:

Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30887: Narendra Bhati of Suma Soft Pvt. Ltd.

Issue #3:

Impact: A malicious website using Content Security Policy reports may be able to leak information via redirect behavior

Description: An information leakage issue was addressed.

CVE-2021-30888: Prakash

Issue #4:

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

Issue #5:

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved state management.

CVE-2021-30861: Wojciech Reguła, Ryan Pickren

Issue #6:

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2021-30890: an anonymous researcher

Windows Server

Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen

Description: An authentication issue was addressed with improved state management.

CVE-2021-30908: ASentientBot

xar

Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files

Description: This issue was addressed with improved checks.

CVE-2021-30833: Richard Warren of NCC Group

zsh

Impact: A malicious application may be able to modify protected parts of the file system

Description: An inherited permissions issue was addressed with additional restrictions.

CVE-2021-30892: Jonathan Bar Or of Microsoft

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.