ID

VAR-202108-1285


CVE

CVE-2021-30970


TITLE

apple's  macOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021147

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences. apple's macOS Exists in unspecified vulnerabilities.Information may be obtained. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. Information about the security content is also available at https://support.apple.com/HT212979. CVE-2021-30950: @gorelics Bluetooth Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: A logic issue was addressed with improved validation. CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America Bluetooth Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30935: an anonymous researcher ColorSync Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. CVE-2021-30942: Mateusz Jurczyk of Google Project Zero CoreAudio Available for: macOS Big Sur Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab CVE-2021-30961: an anonymous researcher CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: macOS Big Sur Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab Crash Reporter Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Graphics Drivers Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30977: Jack Dates of RET2 Systems, Inc. Help Viewer Available for: macOS Big Sur Impact: Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk Description: A path handling issue was addressed with improved validation. CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30981: Liu Long of Ant Security Light-Year Lab, an anonymous researcher IOUSBHostFamily Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: A race condition was addressed with improved locking. CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero LaunchServices Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved validation. CVE-2021-30990: Ron Masas of BreakPoint.sh LaunchServices Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security Preferences Available for: macOS Big Sur Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t) Sandbox Available for: macOS Big Sur Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security Sandbox Available for: macOS Big Sur Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security Sandbox Available for: macOS Big Sur Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics Script Editor Available for: macOS Big Sur Impact: A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions Description: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. CVE-2021-30975: Ryan Pickren (ryanpickren.com) TCC Available for: macOS Big Sur Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2021-30970: Jonathan Bar Or of Microsoft TCC Available for: macOS Big Sur Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients Description: A logic issue was addressed with improved state management. CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security Wi-Fi Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: This issue was addressed with improved checks. CVE-2021-30938: Xinru Chi of Pangu Lab Additional recognition Admin Framework We would like to acknowledge Simon Andersen of Aarhus University and Pico Mitchell for their assistance. ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance. Contacts We would like to acknowledge Minchan Park (03stin) for their assistance. Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance. Model I/O We would like to acknowledge Rui Yang and Xingwei Lin of Ant Security Light-Year Lab for their assistance. Installation note: This update may be obtained from the Mac App Store Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UncACgkQeC9qKD1p rhi3ZA/+JN0mQCWghikUr8/kK9kNAz6FtHO3M5yvyXXQkArAQBmaTk5aaSpsEDi1 KrE+khCjp7N1eGTHrJ2L6q35X+2UEZZUGC/Uic7Dt/CKoQvkTyfGKCHMIhTxF6O8 JGRIz1+wKCXq8lADs29Q1rRg0TkfaIcbCiKI0YMNWgGWBVuXy5LBq/6EvZ2f8Vhe kvDB46D27C9xHgbCq+ihmVdE6iwAVfVYYOh22uP2lGkT6a1jKI6iifkPl/tuiiVy ZWRLWUJwa3HOdAzy511MSjdnj9RBsI4TYJa4QW+Urn8N4sf9wlrU+5Ng+Yfob4U7 n1G2g2V3o3CQpInl+L7CQN44oFYy9UMmuQGtWd3AqcUbTASuoYcV7P6Hz9X5Akwo buASJcsVBbsCCcFGu8OCygvM3ro44D7uG0vPy65BBTVxgiEyUtSuEE8Gti930zC0 FbBgIQk0W2rvBZiEh+stl/87XrIso18oW7k2D5gmkud6TWqK83JxS8Dmd8Rs1uGW Jc2f7enQyN3OQ2MqcU2aYPdV9+QoEq4Hn29xlct99Vq8lcSwp+rtrP7ZgF3MqVRB Dku4o5Xeh3JngTn1si+lk7X1xVX8DHPnV/k0ZUuCB6TJOLUkdye8ezoLpmkf6Nq/ Q5LC4KIwz9JVMON1ZArO58EMBJXKrA8doxHAxZBOBJxBJQqEltQ\x8afg -----END PGP SIGNATURE-----

Trust: 1.89

sources: NVD: CVE-2021-30970 // JVNDB: JVNDB-2021-021147 // VULHUB: VHN-390703 // VULMON: CVE-2021-30970 // PACKETSTORM: 165356

AFFECTED PRODUCTS

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.2.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.1

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion: -

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:11.0 that's all 11.2.6

Trust: 0.8

vendor:アップルmodel:macosscope:eqversion:12.0 that's all 12.1

Trust: 0.8

sources: JVNDB: JVNDB-2021-021147 // NVD: CVE-2021-30970

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30970
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-30970
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202108-2074
value: MEDIUM

Trust: 0.6

VULHUB: VHN-390703
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30970
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390703
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30970
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-30970
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390703 // JVNDB: JVNDB-2021-021147 // CNNVD: CNNVD-202108-2074 // NVD: CVE-2021-30970

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-021147 // NVD: CVE-2021-30970

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2074

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202108-2074

PATCH

title:HT212978 Apple  Security updateurl:https://support.apple.com/en-us/HT212978

Trust: 0.8

title:Apple macOS Big Sur Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176450

Trust: 0.6

sources: JVNDB: JVNDB-2021-021147 // CNNVD: CNNVD-202108-2074

EXTERNAL IDS

db:NVDid:CVE-2021-30970

Trust: 3.5

db:PACKETSTORMid:165356

Trust: 0.8

db:JVNDBid:JVNDB-2021-021147

Trust: 0.8

db:AUSCERTid:ESB-2021.4262

Trust: 0.6

db:CS-HELPid:SB2021121430

Trust: 0.6

db:CNNVDid:CNNVD-202108-2074

Trust: 0.6

db:VULHUBid:VHN-390703

Trust: 0.1

db:VULMONid:CVE-2021-30970

Trust: 0.1

sources: VULHUB: VHN-390703 // VULMON: CVE-2021-30970 // JVNDB: JVNDB-2021-021147 // PACKETSTORM: 165356 // CNNVD: CNNVD-202108-2074 // NVD: CVE-2021-30970

REFERENCES

url:https://support.apple.com/en-us/ht212979

Trust: 2.3

url:https://support.apple.com/en-us/ht212978

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30970

Trust: 0.9

url:https://www.cybersecurity-help.cz/vdb/sb2021121430

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.4262

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064

Trust: 0.6

url:https://packetstormsecurity.com/files/165356/apple-security-advisory-2021-12-15-3.html

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30961

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30958

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30969

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30935

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30927

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30939

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30950

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30941

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://support.apple.com/ht212979.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30963

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30965

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30973

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30931

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30959

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30971

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30937

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30968

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30940

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30949

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30929

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30942

Trust: 0.1

sources: VULHUB: VHN-390703 // VULMON: CVE-2021-30970 // JVNDB: JVNDB-2021-021147 // PACKETSTORM: 165356 // CNNVD: CNNVD-202108-2074 // NVD: CVE-2021-30970

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 165356

SOURCES

db:VULHUBid:VHN-390703
db:VULMONid:CVE-2021-30970
db:JVNDBid:JVNDB-2021-021147
db:PACKETSTORMid:165356
db:CNNVDid:CNNVD-202108-2074
db:NVDid:CVE-2021-30970

LAST UPDATE DATE

2024-08-14T12:39:49.940000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-390703date:2021-12-28T00:00:00
db:VULMONid:CVE-2021-30970date:2021-08-24T00:00:00
db:JVNDBid:JVNDB-2021-021147date:2024-07-18T01:46:00
db:CNNVDid:CNNVD-202108-2074date:2021-12-29T00:00:00
db:NVDid:CVE-2021-30970date:2023-11-07T03:34:07.473

SOURCES RELEASE DATE

db:VULHUBid:VHN-390703date:2021-08-24T00:00:00
db:VULMONid:CVE-2021-30970date:2021-08-24T00:00:00
db:JVNDBid:JVNDB-2021-021147date:2024-07-18T00:00:00
db:PACKETSTORMid:165356date:2021-12-17T19:19:33
db:CNNVDid:CNNVD-202108-2074date:2021-08-24T00:00:00
db:NVDid:CVE-2021-30970date:2021-08-24T19:15:22.853