ManualsPro Apple About the security content of macOS Big Sur 11.5

About the security content of macOS Big Sur 11.5

June 7, 2024
Apple

About the security content of macOS Big Sur 11.5

This document describes the security content of macOS Big Sur 11.5.

About Apple security updates

For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE- ID when possible.

For more information about security, see the Apple Product Security page.

macOS Big Sur 11.5

Released July 21, 2021

AMD Kernel

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2021-30805: ABC Research s.r.o

AppKit

Available for: macOS Big Sur

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day Initiative

Audio

Available for: macOS Big Sur

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30781: tr3e

AVEVideoEncoder

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30748: George Nosenko

CoreAudio

Available for: macOS Big Sur

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab

CoreAudio

Available for: macOS Big Sur

Impact: Playing a malicious audio file may lead to an unexpected application termination

Description: A logic issue was addressed with improved validation.

CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab

CoreGraphics

Available for: macOS Big Sur

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: A race condition was addressed with improved state handling.

CVE-2021-30786: ryuzaki

CoreServices

Available for: macOS Big Sur

Impact: A malicious application may be able to gain root privileges

Description: This issue was addressed with improved checks.

CVE-2021-30772: Zhongcheng Li (CK01)

CoreServices

Available for: macOS Big Sur

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with improved access restrictions.

CVE-2021-30783: Ron Waisberg (@epsilan)

CoreStorage

Available for: macOS Big Sur

Impact: A malicious application may be able to gain root privileges

Description: An injection issue was addressed with improved validation.

CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc

CoreText

Available for: macOS Big Sur

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team

Crash Reporter

Available for: macOS Big Sur

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2021-30774:  Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University

CVMS

Available for: macOS Big Sur

Impact: A malicious application may be able to gain root privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications

dyld

Available for: macOS Big Sur

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved validation.

CVE-2021-30768: Linus Henze (pinauten.de)

FontParser

Available for: macOS Big Sur

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30760: Sunglin of Knownsec 404 team

FontParser

Available for: macOS Big Sur

Impact: Processing a maliciously crafted tiff file may lead to a denial-of- service or potentially disclose memory contents

Description: This issue was addressed with improved checks.

CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative

FontParser

Available for: macOS Big Sur

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: A stack overflow was addressed with improved input validation.

CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative

Identity Services

Available for: macOS Big Sur

Impact: A malicious application may be able to access a user’s recent Contacts

Description: A permissions issue was addressed with improved validation.

CVE-2021-30803: Csaba Fitzl (@theevilbit) of Offensive Security

ImageIO

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security

ImageIO

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro

Intel Graphics Driver

Available for: macOS Big Sur

Impact: An application may be able to cause unexpected system termination or write kernel memory

Description: This issue was addressed with improved checks.

CVE-2021-30787: Anonymous working with Trend Micro Zero Day Initiative

Intel Graphics Driver

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30766: Liu Long of Ant Security Light-Year Lab

CVE-2021-30765: Liu Long of Ant Security Light-Year Lab

IOKit

Available for: macOS Big Sur

Impact: A local attacker may be able to execute code on the Apple T2 Security Chip

Description: Multiple issues were addressed with improved logic.

CVE-2021-30784: George Nosenko

Kernel

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A logic issue was addressed with improved state management.

CVE-2021-30793: Zuozhi Fan (@patternF) of Ant Security TianQiong Lab

Kext Management

Available for: macOS Big Sur

Impact: A malicious application may be able to bypass Privacy preferences

Description: This issue was addressed with improved entitlements.

CVE-2021-30778: Csaba Fitzl (@theevilbit) of Offensive Security

libxml2

Available for: macOS Big Sur

Impact: A remote attacker may be able to cause arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-3518

Model I/O

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: A logic issue was addressed with improved validation.

CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro

Model I/O

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30792: Anonymous working with Trend Micro Zero Day Initiative

Model I/O

Available for: macOS Big Sur

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30791: Anonymous working with Trend Micro Zero Day Initiative

Sandbox

Available for: macOS Big Sur

Impact: A malicious application may be able to access restricted files

Description: This issue was addressed with improved checks.

CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security

TCC

Available for: macOS Big Sur

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved state handling.

CVE-2021-30758: Christoph Guttandin of Media Codings

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30795: Sergei Glazunov of Google Project Zero

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to code execution

Description: This issue was addressed with improved checks.

CVE-2021-30797:  Ivan Fratric of Google Project Zero

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2021-30799: Sergei Glazunov of Google Project Zero

Additional recognition

configd

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

CoreText

We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.

crontabs

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

Sandbox

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

Spotlight

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: July 21, 2021

Read User Manual Online (PDF format)

Loading......

Download This Manual (PDF format)

Download this manual  >>

Apple User Manuals

Apple 2nd Generation Pencil User Manual
Apple
Apple AirTag Device Tracker User Guide
Apple
Apple iPhone 11 Pro Simple Mobile Limited Warranty
Apple
Apple mobilebeacon iPad Mini Owner’s Manual
Apple
Apple mobilebeacon iPad Air Instructions
Apple
Apple Tv 4th Generation User Guide
Apple
Apple Watch SE GPS 40mm User Manual
Apple
Apple Watch Series 6 GPS 40mm User Manual
Apple
Apple Pencil A14 User Manual
Apple
Apple 20W USB-C Power Adapter User Manual
Apple
Apple AirTag Ultimate Tracking Device User Manual
Apple
APPLE 10thGen_FF iPad User Guide
Apple
Apple MP5 7 Inch Smart Screen Player User Manual
Apple
Apple Carplay Screen for Car User Manual
Apple
APPLE 2BEM5SINE Find My App User Guide
Apple
Apple iOS 17 New Features Available User Manual
Apple
Apple M2 iPad Air 13 inch 128GB Cellular Instructions
Apple
Apple A1975 Smart Watch User Guide
Apple
Apple A2473 Series Watch Midnight Aluminum User Manual
Apple
Apple A2436 iPad Pro 12.9 Tab User Manual
Apple

Related Manuals

ASKEY 8822CS WiFi BT Combo Module User Manual
ASKEY
SAFUEL SA-211 Wireless Charger Phone Stand User Guide
SAFUEL
Donerton Wireless Earbuds, Sport Bluetooth 5.1 Headphones-Complete Featurers/User Manual
Donerton
PLEXUS COMMUNICATIONS NEC SL2100 12 Button Digital Phone User Guide
PLEXUS COMMUNICATIONS
victron energy VE.Bus Smart Dongle Instruction Manual
victron energy
SystemQ ACC062 Zap Press To Exit Buttons User Guide
SystemQ
FISHER PAYKEL RF170WDLX5 N Freestanding Refrigerator Freezer, 32 Inches 17.1 cu ft User Guide
Fisher & Paykel
SABRENT TP-AL65 Aluminum Tripod With 360 Degree Full Motion Camera Mount User Manual
Sabrent
OLIGHT BFL 1800 Bike Headlights 1800 Lumen LED Bike Light User Manual
OLIGHT
electriQ eiQ-34SUWD144FSHQ-V3 34 Inch Curved QLED Monitor User Manual
ElectriQ
Porta HDA783Y Wall Mounted Bath Shower Mixer User Manual
PORTA
PYS B0BRCQL991 Upgrade 23.8 Inch Computer Monitor Privacy Screen Filter User Guide
PYS
KARCHER FC 2-4 Hand Floor Cleaner Battery Set User Guide
Karcher
ALPICAIR Eco X Series Split Type Wall Mounted Air-Conditioner Owner’s Manual
ALPICAIR
kramer KDock-5 USB-C 8 in 1 Docking Station Instruction Manual
Kramer
Jumbo LED Tabletop Fountain Instruction Manual
JUMBO
ozito PXBRSS-018 Reciprocating Saw Instruction Manual
ozito
Symetrix 80-0152 AEC Coprocessor Module User Guide
Symetrix
DESSALATOR D300 AC Pro Compact Auto User Manual
DESSALATOR
SABER ATD-80446 200 Lumen Wireless Charging Headlamp Owner’s Manual
SABER
OREI USBC2HDMI SplitExtend HDMI Splitter Extended Display for Dual Monitor User Manual
OREI
coccolle Lissia Anthracite 3in1 Travel System Instruction Manual
coccolle
Nidec EasyLogPS Add-on Module User Manual
Nidec
EPROPULSION YA00055940 Evo Remote Control Installation Guide
EPROPULSION
VISUAL COMFORT JN 4110 Talia Small Semi-Flush Mount Instruction Manual
VISUAL COMFORT
iLIVE ITB474 Replacement Remote User Guide
iLive
Wiltec 64745 Petrol Multi Tool 1.9 kW Grass Trimmer Instruction Manual
wiltec
JOY-iT RB-TFT1.8 1,8 ” TFT-Display User Manual
JOY-It
DVB-T2 HEVC H.265 High Definition Digital Terrestrial Receiver User Guide
Terrestrial
Godox TT685IIS Flash For Nikon Camera Instruction Manual
Godox
Contact Us   Privacy Policy   7.544ms